management is asking for the moon: quickly and cost-efficiently
develop a site that offers a personalized experience for customers 

past, building-in the kind of robust data analytics 
you’re being asked for could take thousands of hours (most of them 
yours). But now there’s help: Microsoft Commerce Server 2000. 


Part of the flexible Microsoft .NET Enterprise Server family, Commerce
Server 2000 works with BizTalk™ Server 2000 and SQL Server™ 2000 to
offer you a less complicated, less time-consuming approach to
building tailored, effective e-commerce solutions. For example,
Commerce Server 2000 comes with fully functional out-of-the-box
starter sites, and pre-built applications such as click stream
analysis, to help you get your site up and running even faster. And
with full XML support, seamless data transfer moves from the wish
list to the “done” list.

According to Netcraft, the leading supplier of market intelligence
and Web server data, more e-commerce Web site solutions are built on
the Microsoft enterprise e-commerce platform than on any other*

So go ahead and build the effective site you’re being asked to
build, and still manage to have a life. To find out more, visit
microsoft.com/commerceserver

Software for the Agile Business.


Plans from $24.95/month

With support for: 

Active Server Pages 

ColdFusion 5.0 
CFFILE, CFDIRECTORY, 
and CFCONTENT tags 

FrontPage 2002

SharePoint Team Services 

MS SQL Server 7 and 2000 

MS Access, FoxPro 

StoreFront and other 
shopping carts 

Verisign Payment Services 

Drumbeat 

WebTrends 

More....
Microsoft Exchange Server is a registered trademark of Microsoft
Corporation. All other trademarks are property of their respective holders. 


HostPilot was designed to put web server controls at your fingertips. From the first moment you 
create a virtual server, you'll feel the difference of real, hands-on control. 

Here are just a few of the HostPilot features that have web developers flying high: 

- Set up a web server in 10 minutes or less.

- Manage your data sources on the fly. 

- Create custom tags on the fly. 

- Set user permissions on the fly. 

Experience the Ultimate Control Panel, first hand. 

Take a test flight at www.intermedia.net 

INTERMEDIA.NET

1-800-379-7729

FOR FREE SET UP USE PROMO CODE WEBTEC2001

Running Servlets in a Multi-Threaded Environment

by Adam Kolawa 


Servlets are typically run inside a multi-threaded
environment where the server is
capable of creating multiple threads to 
handle several HTTP requests 
simultaneously. These requests are all 
handled by the same instance of the servlet 
class. This generally isn’t too difficult, but it 
can introduce difficult-to-debug problems 
into your application if you are not 
anticipating the potential pitfalls. For a simple 
example of such a problem, create an HTML 
page with the following form: 

<FORM ACTION="/servlet/BuggyServlet" METHOD="GET">
  <INPUT TYPE="TEXT" NAME="USER">
  <INPUT TYPE="SUBMIT">
</FORM>

The BuggyServlet looks like this: 

import java.io.*;
import javax.servlet.http.*;

public class BuggyServlet extends HttpServlet {
    // Member variable: a single copy shared by every request thread (the bug).
    String user;

    public void doGet(HttpServletRequest req,
                      HttpServletResponse res)
            throws IOException
    {
        user = req.getParameter("USER");
        PrintWriter out = res.getWriter();
        out.println("Hello " + user);
    }
}


Normally, the servlet will respond Hello 
user, where user is the name that was 
entered in the original form. However, because 
we stored the name in a member variable 
rather than a local one, it is shared between 
multiple threads. As a result, if one thread 
assigns user to Fred and another thread 
then assigns user to Barney before the 
first thread prints its message, both requests 
will return the same reply: Hello Barney. 
This kind of problem is called a race condition 
because each thread is racing to complete its 
task before another thread interrupts it. 
Because the timing is very close, these 
problems might not occur very often. However, 
when they do occur, it’s often quite difficult to 
determine their cause because such problems 
will be hard to reproduce. 
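
The Fred/Barney interleaving described above can be forced deterministically, which makes the flaw testable instead of intermittent. The following is an added example, not code from the original article: Handler, BuggyHandler, SafeHandler and the latch-based scheduling are hypothetical stand-ins for two request threads sharing one servlet instance, and SafeHandler shows the fix that follows from the article's explanation (keep per-request data in a local variable). In a real application the same flaw hands one user's data to another user's response.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added illustration: models one servlet instance serving two request threads.
// Handler, BuggyHandler and SafeHandler are hypothetical stand-ins for doGet().
public class ServletRaceDemo {

    interface Handler {
        // "pause" models the window between reading the parameter and writing the reply.
        String handle(String userParam, Runnable pause);
    }

    // Same flaw as BuggyServlet: per-request data kept in an instance field.
    static class BuggyHandler implements Handler {
        private String user;              // shared by every thread using this instance

        public String handle(String userParam, Runnable pause) {
            user = userParam;
            pause.run();                  // another request may overwrite 'user' here
            return "Hello " + user;
        }
    }

    // Fix: per-request data lives in a local variable, private to each thread's stack.
    static class SafeHandler implements Handler {
        public String handle(String userParam, Runnable pause) {
            String user = userParam;
            pause.run();
            return "Hello " + user;
        }
    }

    // Forces the interleaving from the article: Fred's request stores its name,
    // Barney's request runs to completion, then Fred's request builds its reply.
    static String[] runInterleaved(Handler servlet) throws Exception {
        CountDownLatch fredStored = new CountDownLatch(1);
        CountDownLatch barneyDone = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> fred = pool.submit(() -> servlet.handle("Fred", () -> {
                fredStored.countDown();
                await(barneyDone);
            }));
            Future<String> barney = pool.submit(() -> {
                await(fredStored);
                String reply = servlet.handle("Barney", () -> { });
                barneyDone.countDown();
                return reply;
            });
            return new String[] { fred.get(), barney.get() };
        } finally {
            pool.shutdown();
        }
    }

    static void await(CountDownLatch latch) {
        try {
            latch.await();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) throws Exception {
        String[] buggy = runInterleaved(new BuggyHandler());
        String[] safe = runInterleaved(new SafeHandler());
        System.out.println("shared field  : " + buggy[0] + " / " + buggy[1]);
        System.out.println("local variable: " + safe[0] + " / " + safe[1]);
    }
}
```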


Adam Kolawa, Ph.D., is Chairman and CEO of 
ParaSoft. You can reach him at ak@parasoft.cor 


ParaSoft WebKing

Prevent and detect errors in your 
dynamic site—automatically 


WebKing™ is a comprehensive tool that helps 
dynamic Web site developers and testers improve 
site quality and development process efficiency. 
Webking automatically exposes load, construction, 
functionality, presentation, content, and design 
problems on your site. Paths are created 
automatically so you can thoroughly test your 
dynamic site without writing a single script. 
Webking also provides an infrastructure that lets 
you automatically deploy and test any back-end 
component and related output pages. This helps 
you thoroughly test programs as soon as they are 
developed so you can spot critical problems early 
and repair them before they lead to further errors. 
With Webking, you can automatically perform the 
following testing techniques. 

Construction Testing 

Each potential path through a dynamic site might 
contain different problems, so you need to create 
and test a virtually infinite number of paths to 
thoroughly test your site’s construction. Just click 
a button and Webking automatically designs, 
traverses, and tests a wide variety of realistic paths 
through the site. These tests expose problems 
such as servlets that throw exceptions, CGIs that 
core dump, databases that crash, and errors that 
affect data input, presentation, and navigation: they 
also enforce coding standards which prevent 
errors. 

Load Testing 

Webking's load testing feature lets you find 
a wide range of load-related problems with 
the click of a button. Webking automatically 
creates and traverses the requested number 
and type of paths through the site, then 
reports where user traffic could cause 
functionality problems, bottlenecks, and 
program failures. Load-related 
problems are often a symptom of 
critical algorithmic problems: if 
you use Webking to start load 
testing early in the development 
cycle, you can spot these 
algorithmic problems immediately 
and prevent them from 
creating additional problems. 


Functionality Testing 

You can also perform two types of functionality 
testing with Webking. First, you can check whether 
critical paths through your site contain errors. Just 
specify the functionality you want Webking to test 
by extending the automatically-generated set of 
inputs and paths, then Webking will create and test 
that functionality. Second, you can test whether 
appropriate pages contain specific content and 
design elements (such as buttons, text, images, 
etc.) by having Webking automatically create and 
enforce rules that check for the presence of these 
elements. These rules describe elements in such a 
way that intentional changes (like a calendar that 
highlights a different date on a daily basis) are not 
falsely reported as errors. 

Regression Testing 

You can maintain your site’s integrity by 
performing automatic regression testing. Webking 
saves your test cases so every time you modify 
your site, you can verify that it’s still correct by 
clicking a button. Or, you can integrate batch mode 
Webking into your nightly builds to ensure that 
new errors are found and fixed immediately. 

Try it Today 

To improve Web site quality and speed up your 
development process, download a fully-functional 
demo of Webking today at www.parasoft.com/wt12. 
or call (888) 305-0041 for more information. 




©2001 ParaSoft Corporation, Monrovia, CA, USA. ParaSoft is a registered trademark of ParaSoft

Not everyone thinks the future belongs to subscription-based Web sites.

Editor in chief, Amit Asaravala, will return next month. Barry is
an Internet media consultant and the former director of 
e-commerce research at IDC. He was also co-creator of News.com 
and a key developer of the first online newspaper at the San 
Jose Mercury News. 


It’s surprising how many executives don’t understand the
economics of their own businesses. Earlier this year, the
publisher of a large, successful magazine told me he can’t 
wait to “charge for information the way God intended” now 
that giving away content in exchange for advertising dollars 
has failed. 

There are so many reasons why publishers who think this 
are wrong. First, most forms of media are already given 
away quite successfully. Second, the economics of Web 
publishing determine that there’s more money to be made 
by giving away content than by selling it. And finally, 
research shows that disruptive technologies require us to 
rethink our own cost structures, not our customers’. 

Note that virtually all radio and television content is free 
for consumers. In a recent Slate column, editor Michael 
Kinsley demonstrated how newspapers are already being 
sold at the cost of the newsprint. The costs of researching, 
writing, editing, and printing the news, (plus the 20 percent 
or so profit margin) are borne by advertisers. 

For magazines like this one, giving away free subscriptions
to qualified readers results in higher revenues than
paid subscription models. This is because they can charge
advertisers more for access to the magazine’s targeted audience.
Even magazines that charge for subscriptions often
sell them at a loss with respect to marketing and printing 
costs. In fact, publishers have set up elaborate auditing 
mechanisms to keep their competitors from simply shipping 
magazines to people who might be interested in their title. 

Digital Economics 

Although it used to be called a new economy business, 
online publishing has a lot in common with the traditional 
steel business. The fixed costs (servers, writers, editors, 
producers) are high, while the variable costs (sending out 
one more page) are low. In businesses with high fixed costs
and low variable costs, like content sites where it costs no
more to publish another page, expenses rapidly converge on
zero. The more you sell, the lower your cost per unit. This is 
what happened in the newspaper business at the turn of the 
last century. Publishers like William Randolph Hearst cut 
the price of papers to a penny per issue to drive competitors 
out of business and increase advertising revenue. 

Knowing this, it’s strange to imagine charging for 
content. What happens when you charge for access to your
site? Your production expenses stay about the same and
your readership plummets. In essence, the cost of serving 
each reader goes up dramatically. 

The best business book I read in the last five years is 
Clayton Christensen’s The Innovator’s Dilemma. The author 
explains that when a disruptive technology emerges in an 
industry, traditional players fail to understand the economics
of it. The margins seem impossibly low and the products
are uneconomical to their traditional customers. (Does this 
remind you of online advertising?) 

Look back at the failures of the last couple of years, and 
you’ll begin to see the outlines of our problem. Every new 
site required millions to be spent on branding, just as a 
new, traditional company might. Expensive offices were 
acquired in desirable locations. Traditional journalists 
were paid budget-busting salaries to join online startups. 
Instead of minimizing fixed costs, we outspent our traditional
competitors. William Randolph Hearst wouldn’t have
made such mistakes. 


What Next? 

Online advertising is suffering right now, but advertisers 
are still spending. In the first half of 2001, the supposedly
discredited online ad spending was down only 8 percent.
Between 5 and 10 billion dollars will still be spent for online
ads this year.

Of course, existing advertising methods and prices may 
not survive. Just because the Internet has changed publishing,
doesn’t mean that it comes with a ready-made business
model any more than print does. Those who are quick
to condemn Salon for not making money on advertising 
should remember that The New Yorker, Harper’s, and The 
Atlantic Monthly aren’t big money makers either. 

We must understand that building a media business is 
an expensive, long-term investment. We can see examples 
of this patience in the way Hearst built his newspaper 
empire, Henry Luce created Sports Illustrated, Al Neuharth
started USA Today, or Ted Turner created CNN. These businesses
took millions of dollars, many years, and an executive
(usually the owner) with vision and ability.

Truly successful online publications will be privately 
held or strongly controlled by a visionary CEO. They’ll 
either be large enough to be able to minimize their fixed
costs per page view, or they’ll be small and focused, and
will charge a lot for advertising. Mid-size sites without a 
focused market will continue to fail. And the most 
important quality of the winners will be their ability to 
persevere in the face of withering criticism. When they 
ultimately succeed, what they did will seem obvious to us 
in hindsight.

"Will you marry me? We have been so
impressed with Rackspace's support we
would like to spend the rest of our lives
with you."

Dustin Revm, eBookAd.com

GET FANATICAL SUPPORT™ AT RACKSPACE

- Get Instant Access 24x7x365 to Your Dedicated Support Team.
- Get Up and Running in 24 hours.
- Get Servers and Bandwidth on Demand.

WEBMASTER’S DOMAIN

Lincoln D. Stein


The broadband market seems to be gasping. It’s time for some healthy 
competition to liven things up. 



A little more than a year ago, I suggested that the Internet
boom might be like the California Gold Rush (“How to Make
Money on the Internet,” Web Techniques October 2000). I
predicted that most pure-play e-commerce companies that
rushed in to grab the gold would crash, while those responsible
for the infrastructure (purveyors of pickaxes and shovels
during the Gold Rush, providers of routers and fiber
optics in the Internet rush) would make out like bandits.

I was half right. E-commerce companies have either gone 
belly-up (Webvan), have been integrated into successful 
brick-and-mortar retailers (Williams-Sonoma), or are still 
hurtling forward on the boom-years momentum (Amazon) 
toward an uncertain future. 

However, the pickaxe-and-shovel sector hasn’t made a 
spectacular killing either. Fiber optic makers like Nortel and 
Corning apparently bought into the Gold Rush mentality, 
investing in vast fiber optic capacity for a networking boom 
that never came. These companies are now sitting on a pile 
of debt. Corning announced in July that it was closing three 
plants involved in its fiber optics business. Cisco, the 
NASDAQ darling and purveyor of fine routers, is struggling 
to turn a profit and has seen its stock value drop by more 
than 40 percent since the beginning of the year. 

Then there’s broadband. Companies that provide DSL service
have been going bankrupt as fast as dot-coms, with well-publicized
closures of NorthPoint and Rhythms DSL providers,
AT&T’s plan to spin off and possibly sell its cable division, and
the financial distress of broadband ISP giant Excite@Home.

Although most industry pundits continue making bullish 
predictions, the second quarter of 2001 showed a dramatic 
reversal in the rate of new broadband subscriptions. Each 
quarter over the past two years, the rate at which new users 
sign up for broadband has increased by 5 to 10 percent. In
Q2 of 2001, however, the rate actually dropped into the
negative range. The worst case was SBC (formerly Southwestern
Bell and Pacific Bell), which added 187,000 new
broadband customers in the first quarter of 2001, but only 
83,000 in the second, a drop of 56 percent. However, all 
broadband companies suffered, cable and DSL alike. 

Broadband: Dream or Nightmare? 

The road has been particularly rocky for users of DSL services.
My own case illustrates this point. In 1998, having just
moved to Long Island, I purchased an ISDN line, the state
of the art in broadband at the time, and contracted with a
local ISP to provide Internet service. I paid two bills: one to
the local phone company, and one to the ISP. For about $70
per month, I had a total bandwidth of 128KBps. Although I
was paying about three times the price of a 56K connection
for only about twice the bandwidth, it was worth it. The
ISDN line connected to the ISP in just a second without
mucking around with handshaking tones, and it was dead
reliable. In all of the years I had ISDN, I never had a single
network outage.

Two years later, the shine had worn off ISDN, and I wanted
a faster service. Of the two mainstream broadband technologies,
cable and DSL, only DSL was available at that time.

DSL and cable are fundamentally different from ISDN.
With ISDN I could buy the service from the phone company
first, and later go shopping for an ISP. With DSL and cable,
you commit to an ISP first, and the ISP does the rest. After
some comparison shopping on the excellent DSL Reports
Web site, I chose Megapath Networks, a national broadband
ISP with a good reputation.

Here’s where things got complicated. Provisioning a DSL
line is an intricate dance among three parties, each one
adorned with an ugly acronym: the ISP (Internet Service
Provider), the ILEC (Incumbent Local Exchange Carrier, also
known as the local phone company), and the CLEC (Competitive
Local Exchange Carrier). The ISP provides the gateway
to the Internet. The CLEC provides the DSL line that connects
the customer to the ISP’s equipment. The ILEC is responsible
for the loop of copper cable between the customer’s home
and the CLEC’s equipment in the central switching office. In
other words, the end user is the ISP’s customer, the ISP is the
CLEC’s customer, and the CLEC is the ILEC’s customer.

Sounds simple? No. In my case, the CLEC was NorthPoint,
and the ILEC was Bell Atlantic, now Verizon. Getting DSL
service took about six weeks, and involved separate visits by
Bell Atlantic to install the line and by a NorthPoint technician
to install and configure the DSL modem/router. Because
I wanted static IP addresses to run a local Web server and
experiment with peer-to-peer, I paid extra for the service,
about $200 per month for 768KBps. In case you’re counting,
this is about 25 cents per KBps, as opposed to 54 cents per
KBps for the ISDN, and 35 cents per KBps for a 56K modem.

In addition to the long wait for installation, the cumbersome
nature of the relationship among end-user, ISP, CLEC,
and ILEC became apparent as soon as something went wrong.
I lost connectivity twice during the year I used Megapath. The
first time was when a Bell Atlantic technician “borrowed” my
local loop to use for another resident on my block. The second
time was when Bell Atlantic moved a switching point a few
hundred feet down the road and neglected to reconnect my
line. In both cases, the process went like this:


• Call Megapath technical support, leave a message on 
the voice mail. 

• Receive call back from technical support, tell them that 
DSL line is dead.


• Megapath technician performs ping tests, 
confirms that line is dead. 

• Megapath technician calls NorthPoint 
technical support, enters a trouble ticket. 

• Megapath technician calls me back, makes 
appointment for me to speak with 
NorthPoint technical support. 

• NorthPoint calls me, performs line tests 
(power cycling router; checking telephone 
cable). 

• NorthPoint calls Bell Atlantic, enters 
trouble ticket. 

• Bell Atlantic calls me to schedule 
appointment. 

• Bell Atlantic fixes problem. 

My service was down for a week the first 
time this happened, and two weeks the second. 

Then, out of the blue last March, I got an 
urgent email from Megapath, warning me that 
NorthPoint had declared bankruptcy and was 
discontinuing support for its network within 48 
hours. Megapath offered to move my service to 
the Rhythms CLEC, a process it estimated 
would take four weeks. Based on news reports 
of Rhythms’ own financial distress, I decided to
move my service to Acecape, a local ISP in New
York City. What differentiated the Acecape service
from Megapath/NorthPoint DSL was that
Acecape leases its DSL lines directly from the
ILEC, now rechristened Verizon.

It turns out that I made the right choice. In 
August, just five months after NorthPoint went 
under, Rhythms also declared bankruptcy. 
Megapath began plans to move Rhythms 
customers to the last big DSL CLEC, Covad. But 
two weeks after Rhythms went under, Covad 
declared Chapter 11 and began restructuring its 
debt. Although Covad remains in operation, 
its future is far from certain. 


Meanwhile, I’ve found that dancing with two
partners isn’t all that much better than dancing
with three. My Acecape/Verizon service
uses ADSL (Asynchronous Digital Subscriber
Line), a form of DSL that’s shared with a conventional
voice line. The phone company is
usually pretty prompt about fixing broken 
voice lines, and you’d think that this would 
lead to good response to data line problems, 
but it turns out that it doesn’t work this way. 

Different divisions of Verizon are responsible 
for the line’s data and voice components. A few 
weeks ago, I began to hear an annoying buzz on 
the voice line and called Verizon to service it. It 
fixed the buzz, but broke the ADSL service. I 
then called my ISP to fix the ADSL, and got the 
service back after a few days, but my voice line
went dead. This went back and forth for about a 
week before I had both working voice and 
Internet at the same time. The episode ended 
with the Verizon repairman giving me his direct 
office number and asking me to call him 
personally if I had any more problems. Great, 
but who do I call when he goes on vacation? 

The basic problem with DSL is that the ILECs 
are unwilling partners in the system. The only 
reason that ILECs let ISPs and CLECs lease the 
local loop at all is that the baby Bells were 
forced to accept competition in the data markets
as part of the 1982 consent decree that
broke up AT&T. Verizon, SBC, Bell South, and
the other ILECs are all in the broadband service
business themselves. Not only does this make
for a conflict of interest, but it also establishes
a firm floor on the price of DSL service. The ILEC
has monopoly power over the local loop, and is
responsible for setting the prices CLECs pay to
gain access. Under the decree, an ILEC cannot
make a CLEC pay more to lease a DSL line than
the ILEC pays itself. However, this doesn't mean
the ILEC has to make the price low enough to
compete with analog modems or cable. 

With high prices and poor service, it’s no 
wonder that NorthPoint and Rhythms fell, and 
that Covad is teetering. 

The Cable Connection 

What about cable? Cable TV is even more of a 
regional monopoly than phone service. Although 
I can get broadband cable service from Cablevision,
the service plan it offers to residential
customers doesn’t include the static IP 
addresses I need, so I’m out of luck. 

However, this doesn’t explain why the rate 
of new subscriptions to cable-based service has 
been falling along with DSL. One explanation is 
that two of the major cable vendors, AT&T 
Broadband and Cox Communications, both
raised their subscription rates last spring when 
it became clear that the DSL industry was in 
trouble. Another is that the early adopters, 
those who really want speed for online gaming 
and file sharing, have ordered their service 
already and the rest of the world is happy with 
what they have. Personally, I’d like to believe 
that we’re just seeing the effects of the economy
and that cable subscriptions will pick up
soon. I have no such hope for DSL. 

For broadband to succeed, it must be inexpensive,
reliable, and easy to install. Internet
access via a 56K modem meets these goals
because of its history of intense competition
among the ISPs. I can’t think of a better way to
commoditize broadband than to open it up
to real competition as well.


Lincoln is an M.D. and Ph.D. who designs information
systems for the human genome project at
Cold Spring Harbor Laboratory in New York. You
can reach him at lstein@cshl.org.


Technology After September 11


Fear and sadness linger months after terrorists destroyed the World 
Trade Center and part of the Pentagon. A New Yorker by birth, and a frequent
visitor to the city, this hits me terribly hard. These brutal acts
illuminate the vulnerability of the U.S. air transportation system; they 
also illustrate the attackers’ technical sophistication. They were able to 
infiltrate airport security, bypass anti-hijacking measures in the planes, 
disable radar transponders, and pilot the aircraft itself. 

As western nations tighten their security against attacks on the physical 
infrastructure, let us not overlook our growing dependence on the electronic
one. Armed with a few widely-available scripts, MafiaBoy, a teenager,
was able to bring down multiple commercial Web sites a year ago
last spring. Armed with a detailed understanding of how the financial
news service Internet Wire gathers information, a fraudster was able to 
plant a phony press release from the Emulex Corporation, immediately 
dropping its stock value by 60 percent. 


We’re rapidly approaching a time when applications move out of the company
data center and off the PC, and out into a distributed world of
application services. Will our mission-critical applications be safe? Will
our mission-critical data be secure? Network security has never been 
uppermost in the minds of the designers of software and software 
architecture, and the provisions in place are usually there to protect 
confidentiality and discourage fraud. 

Let us consider the havoc a knowledgeable terrorist group could wreak on 
our electronic infrastructure, and build it from the ground up to protect
against such attacks. At the same time, we must resist calls for broad
and pervasive intelligence-agency monitoring of electronic communication.
The only thing worse than a free society cowed by terrorist threats
is a society that voluntarily yields its freedom to the false security of a 
police state.

IBM IntelliStation E Pro

Affordable workstation power

Intel Pentium 4 processor 1.60GHz
128MB ECC memory
Matrox G450 graphics
40GB ATA/100 EIDE hard drive
48X max CD-ROM
Microsoft Windows 2000
3-year parts/1-year labor limited warranty

NavCode 621410U-M297

SuccessLease™ for Small Business: $44/mo., 36 mos.

CUSTOMIZE YOURS:
IBM P96 19" (17.9" viewable) Monitor (Part #655163N) $529 or $19/month


IBM IntelliStation M Pro

Ultimate workstation performance

Intel Xeon processor 1.70GHz
512MB ECC memory
ATI Fire GL4™ graphics
18.2GB Ultra 160 SCSI hard drive
48X max CD-ROM
Microsoft Windows 2000
3-year parts/1-year labor limited warranty

NavCode 685025U-M297

SuccessLease for Small Business: $139/mo.

CUSTOMIZE YOURS:
Additional Intel Xeon Processor 1.70GHz (Part #24P8402) $599 or $21/month


ADOBE WEB COLLECTION FOR ONLY $699

Now when you buy any IntelliStation E Pro workstation
at its Web price, you can add the Adobe Web Collection
for only $699 ($1,099 if purchased separately). Plus, if
you buy the IntelliStation E Pro and the software we'll
throw in 256 MB of free memory. Just ask!

Offer expires December 31, 2001


Don’t panic. Only IBM has Ask IntelliStation 
available to answer all your pressing hardware 
and software integration questions. 

It’s deadline time and suddenly you have technical issues
with the new 3D modeling software you've just loaded. 
Holy timeframe! But you’re not anxious. You e-mail 
Ask IntelliStation and an IBM expert will answer your 
hardware and application integration questions. Now that’s 
superhero support. It’s also one of the unique IntelliStation 
workstation features you simply won’t get anywhere else. 
With tailored 2D and 3D graphics drivers, and the lightning 
speed of an Intel Xeon™ processor, IntelliStation 
workstations consistently deliver a masterful performance. 
And, if you order an Adobe® Web Collection at our special 
price when you buy any IntelliStation E Pro, you’ll get 256MB
of free memory. Just ask. WOW! So call or click, and marvel
at IntelliStation today.


Get the latest product pricing and information.
Use NavCode on the phone or on the Web



DIRECT TO YOU 


Call toll free 1 866 723-5170 or 
Click www.ibm.com/intellistation/M297 

for more information, to buy direct or locate an IBM reseller. 


IBM PCs use genuine Microsoft® Windows* 

www.microsoft.com/piracy/howtotell 


LEGAL CODE


Bret A. Fausett



What constitutes acceptable use of your machines and services 
and when does the law step in? 


Don’t Tread on My Server 


I run my own Web, mail, FTP, and DNS servers on a
couple of aging DSL-connected hosts sitting in my den.
While they’re primarily for my own lightweight, personal
use, they’ve also given me some pretty good insight into
the problems that Webmasters and network operators face.

My machines had operated quietly and happily for
months, with no crashes and no need to reboot until a few
weeks ago, when my mail server crashed and brought down
the entire system. I didn’t think much about it at the time;
I just rebooted and returned to work. The next day, I came
home to find that my mail server had again brought down
my system. But this time, I had some inkling of the problem,
as I’d been receiving dozens of copies of the Sircam
virus. I don’t run Windows operating systems, so my email
client and OS weren’t vulnerable to that particular affliction,
but my barebones machine clearly wasn’t robust
enough to handle the large attachments that it was receiving
with such frequency. I was falling victim to the virus’
secondary effects.

I had a different experience just a week or two later, when my Weblogs suggested that my Web site was becoming increasingly popular. Over a period of a few days, I had gained hits exponentially. But, alas, newfound popularity had nothing to do with it. The new hits to my server were leaving the tell-tale footprints of the Code Red and Code Red II viruses. Because my server wasn’t the type targeted by Code Red, it wasn’t infected; but once again, I saw the secondary effects of a virus that was randomly hitting sites everywhere.

It was clear to me that these viruses amounted to someone accessing my servers (located in my house) through my firewalls, in ways I hadn’t intended and that weren’t acceptable to me. In one of my earlier columns I noted that you should never use the uncertain and expensive legal system to fix something that you could correct more easily through code (“Linking Legalities,” February 2001). Yet the legal system can certainly help alleviate past wrongs when it’s too late for code.

Spoofed Spam and Bounced Emails

Internet Doorway is an Internet service provider in Mississippi. Sometime last year, its customer service representatives started receiving complaints about the spam it was sending and the pornographic links in those unsolicited emails. It also started receiving bounced email messages from the hundreds of bad addresses targeted by the spam. Not only was the spam causing Internet Doorway a serious public relations problem, but the bounced emails were becoming a technical burden as well. Perhaps most problematic of all was that when the complaints and bounces started coming in, Internet Doorway had no idea what the angry users were talking about.

Internet Doorway, of course, hadn’t sent any of the unsolicited mail messages. The mail address in the header of the spam that identified the sender as Internet Doorway had been spoofed. And while the online marketer advertising its pornographic Web site had gotten its message out to tens of thousands of readers, Internet Doorway was left receiving the abusive and angry replies, requests to be removed, and bounces from the dead email addresses. Message by angry message, Internet Doorway replied to each one. Writing back or calling every person who complained, Internet Doorway attempted to explain what had happened and apologize for a problem that it hadn’t created.

After cleaning up the problem as best it could, Internet Doorway went looking for the person who had forged its name in the spam header. The company found that person in Texas, and then it filed suit. Internet Doorway sued not only for the fraudulent use of the company’s name, but for the burdens placed on its mail servers from bounced email. Internet Doorway sought monetary damages as compensation for the costs of keeping its servers operational and cleaning out the multitude of bounced messages.


Operation Henhouse 

A thousand miles north, Register.com was beginning to receive complaints from some of its customers that their names and email addresses had been sold to third-party marketers, but the company had done no such thing. Register.com is one of the world’s largest domain name registrars. In conjunction with its registrar operations, Register.com is required to maintain a public database of all the domain names it has registered in addition to contact information for the registrants and their technical personnel. This whois database is incredibly useful for finding technical contacts for Internet hosts.

But when one of the world’s largest databases contains the names of every person and company with a registered domain, and when that database is also open to the public, rest assured that someone will misuse it for marketing purposes. That was exactly what was happening with Register.com’s whois database.

Web-hosting company Verio, a Register.com competitor, had begun a marketing initiative called Operation Henhouse. The plan was to mine Register.com’s whois database for information about new domain-name registrants. Who better, in fact, to contact about Web-hosting services than someone who had just registered a domain name?

Sneaky Marketing 

Operation Henhouse was clever. Each day, Verio downloaded a list of all currently registered domain names ending in .com, .net, and .org from the domain name registry files maintained by Verisign Global Registry Services. Verio then used a custom computer program to compare the newly downloaded list with the list it had downloaded the previous day, gathering names that had been added in the last twenty-four hours. After creating a list of new domain names, a Verio search-bot queried the registry database for each and extracted the registrar’s name. With that information, the search-bot then queried the registrar’s own whois database to extract contact information for the domain name registrant. The whois data, which contained the registrant’s name, address, and telephone number, was deposited into a list of sales leads sent to Verio’s telemarketing staff.

Within hours after registering a new domain name, Register.com’s customers were receiving emails or phone calls from Verio asking if they needed a hosting service. Verio’s email messages congratulated the new domain name registrant on taking “the first step towards having your own Web site” and then suggested that “the next step is to set up a hosting account.” With Verio, of course.

Register.com was not amused. Believing not only that Verio misled consumers into thinking that Register.com was behind the new sales pitch, but also that the use of the whois database for marketing was wrongful and potentially harmful to its continued operation, Register.com filed suit. It sought, among other things, an injunction prohibiting Verio from accessing its whois database with automated search-bots.
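
Seen from the registrar's side, the pattern described above leaves a distinctive trace in the whois query log: nearly every lookup from the harvesting source targets a name registered within the previous day. The Python below is an added example, not code from the column or from Register.com; the log format, the registration table, the thresholds, and every name and address in it are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

_ts = datetime.fromisoformat

# Constructed registrar records: domain -> time the registration was created.
REGISTERED = {
    "alpha-widgets.com": _ts("2001-08-05T22:10:00"),
    "bobs-bait.net": _ts("2001-08-05T23:40:00"),
    "cedar-crafts.org": _ts("2001-08-06T01:05:00"),
    "delta-print.com": _ts("2001-08-06T02:30:00"),
    "elm-street.net": _ts("2001-08-06T03:15:00"),
    "fern-photo.com": _ts("2001-08-06T04:50:00"),
    "oldsite.com": _ts("1998-03-01T00:00:00"),
    "legacy.org": _ts("1997-11-12T00:00:00"),
    "vintage.net": _ts("1999-06-30T00:00:00"),
    "archive-co.com": _ts("2000-01-15T00:00:00"),
}

# Constructed whois query log, one query per line: "<time> <source> <domain>".
QUERY_LOG = """\
2001-08-06T09:00:01 203.0.113.50 alpha-widgets.com
2001-08-06T09:00:02 203.0.113.50 bobs-bait.net
2001-08-06T09:00:03 203.0.113.50 cedar-crafts.org
2001-08-06T09:00:04 203.0.113.50 delta-print.com
2001-08-06T09:00:05 203.0.113.50 elm-street.net
2001-08-06T09:00:06 203.0.113.50 fern-photo.com
2001-08-06T09:12:40 192.0.2.33 oldsite.com
2001-08-06T10:03:11 192.0.2.33 legacy.org
2001-08-06T11:47:29 192.0.2.33 vintage.net
2001-08-06T13:20:05 192.0.2.33 archive-co.com
2001-08-06T15:31:52 192.0.2.33 alpha-widgets.com
2001-08-06T16:05:00 198.51.100.4 bobs-bait.net
2001-08-06T16:06:00 198.51.100.4 cedar-crafts.org
this line is malformed and is skipped
"""


def parse_log(text):
    """Yield (time, source, domain) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = _ts(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2].lower()


def flag_harvesters(log_text, registered, window=timedelta(hours=24),
                    min_queries=5, min_fresh_ratio=0.8):
    """Return (source, queries, fresh_ratio) for sources whose lookups are
    dominated by names registered within `window` before the query."""
    total = defaultdict(int)
    fresh = defaultdict(int)
    for when, src, domain in parse_log(log_text):
        total[src] += 1
        created = registered.get(domain)
        if created is not None and timedelta(0) <= when - created <= window:
            fresh[src] += 1
    flagged = [(src, n, fresh[src] / n) for src, n in total.items()
               if n >= min_queries and fresh[src] / n >= min_fresh_ratio]
    return sorted(flagged, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for src, n, ratio in flag_harvesters(QUERY_LOG, REGISTERED):
        print(f"{src}: {n} queries, {ratio:.0%} for names under a day old")
```

An ordinary user looking up technical contacts spreads queries across names of all ages, so the ratio separates the two populations better than raw query volume does.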

Unauthorized Uses 

Both Internet Doorway and Register.com relied on the legal theory of trespass to chattels. Internet Doorway had a significant technical problem to solve with the bounced email messages. Even though its servers didn’t shut down, the employee time expended to correct the problem was substantial. Other companies have faced similar problems, and unlike Internet Doorway with its robust systems and connectivity, these companies have lost their servers entirely under the flood of bounces and complaints from forged spam.

Trespass to chattels is perfect for such situations. With effect in virtually all U.S. jurisdictions, trespass to chattels covers two specific scenarios. The first is when someone uses your chattel—a piece of personal, moveable property—in an unauthorized manner. The second application, more appropriate for the Internet context, is when someone uses something they’re authorized to use in a way that exceeds the scope of the authorization.

Everyone who connects a server to the Internet expects that his or her computer will be accessible in some manner. It may handle email, Web sites, DNS, or whois queries, but servers are intended to be accessible to third parties whom you don’t know and can’t control. The fact that the servers are intended to be used, however, doesn’t mean that they should be abused. When someone exceeds the scope of the intended use, a Web site operator can make a claim that someone has trespassed on his or her computer systems.

By showing that Verio’s automated queries to its whois database had a measurable and undesirable effect on the performance of its servers, Register.com got an injunction prohibiting Verio from continuing to mine its whois database for marketing contacts.

Drawing the Line 

The line between intended uses and unintended ones isn’t always easy to define. In our spoofing case, the line is clear: at no time did the spammers believe that they had authority to forge Internet Doorway’s name in the header of their mass mailings. Internet Doorway didn’t need a sign on its Web site saying not to forge its name. Every single bounced message that landed on its mail server was a trespass on its systems.

In Register.com’s case, however, the question was less clear. The whois database, after all, was a public resource, mandated by the Internet Corporation for Assigned Names and Numbers, and Verio asserted that it was using the database in an acceptable manner. The Court ruled that while the scope of permissible uses may have been open to interpretation when Verio first started using Register.com’s database, at some point, Register.com clarified what it found acceptable, and what it didn’t. Certainly by the time Register.com filed its lawsuit, Verio was on notice.

In light of these rulings and others in the growing body of law on trespass to chattels, some Web site operators are making permissible and impermissible uses clear in their terms of service and conditions of use. The language varies from site to site, but if you want usage limits, it’s a good idea to put them in writing. That sets the stage for quick legal relief if you ever need it.


But Back to Me 

Enough of the legal tales about trespass, spam, and whois mining. What about those servers in my den? The Sircam and Code Red viruses were certainly unwelcome trespasses on my servers, and that was clear even without me posting my own terms of use. While neither virus infected my machines, I did suffer nuisances from the secondary effects of infected machines. I don’t pretend that the people with infected systems knew what was happening, or intended to crash my servers. This wasn’t a security breach, just poor virus protection on their part. But it was a trespass, nonetheless.

This was especially true of the people I contacted to inform them that they were infected, but who failed to do anything about it. I was initially alarmed about the Code Red viruses, especially because the same machines were hitting me day after day with no apparent end in sight. Using, coincidentally, the whois database, I wrote to the technical contacts for those host computers that were hitting me most often. Most operators were grateful for the notice and had no idea that their computers were infected. When notified, each of them corrected the problem. Except for a few.

The technical contacts for a handful of infected hosts never wrote back. For almost two weeks, I continued to receive bursts of hits from a particular system every few hours, all generated by the Code Red II virus. Then I heard about a Perl script I could implement to send something stronger than a polite request back to the host computer. Someone far more technically savvy than I, but equally concerned about the Code Red problem, had written a Perl script that could be placed on a Web server and would lie in wait for Code Red. The script would do nothing at all unless triggered by the virus’ tell-tale requests. If triggered, the script would send a message back to the infested host computer and shut it down. At first, I thought it was a perfect solution. Then I reconsidered.

Whatever minor impact they were having on me, it hardly seemed an appropriate response to shut them down. While code may still solve some problems, like blocking unwanted linking, we’d all be damaged by a code war. Trespass isn’t made better by counter-trespass, and in some of these instances, the law provides a more civilized forum for resolving these increasingly common problems.
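
The notification step described in this section, finding the hosts that hit most often so that their technical contacts can be told, can be done entirely from the Web server's access log. The Python below is an added example, not the author's code and not the Perl script he mentions; it only reads logs. The sample lines are constructed, and the 16-character minimum for the padding run is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3} \S+'
)
# Both worms request the IIS indexing-service path with a long padding run:
# Code Red pads with "N", Code Red II with "X". The 16-character minimum is
# an assumption chosen to avoid matching short, legitimate query strings.
WORM_RE = re.compile(r'^(?i:/default\.ida)\?(?P<pad>N{16,}|X{16,})')
VARIANT = {"N": "Code Red", "X": "Code Red II"}


def classify(target):
    """Return the worm variant a request target belongs to, or None."""
    m = WORM_RE.match(target)
    return VARIANT[m.group("pad")[0]] if m else None


def triage(log_text, min_hits=2):
    """Rank source hosts by worm probes, most persistent first."""
    seen = defaultdict(
        lambda: {"hits": 0, "variants": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line or a request with no method/target
        variant = classify(m.group("target"))
        if variant is None:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        rec = seen[m.group("host")]
        rec["hits"] += 1
        rec["variants"].add(variant)
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    report = [dict(host=h, **r) for h, r in seen.items() if r["hits"] >= min_hits]
    return sorted(report, key=lambda r: (-r["hits"], r["host"]))


def _line(host, ts, target, status=404):
    return f'{host} - - [{ts} -0700] "GET {target} HTTP/1.0" {status} 276'


# Constructed sample log (documentation addresses, truncated request tails).
CR1 = "/default.ida?" + "N" * 224 + "%u9090=a"
CR2 = "/default.ida?" + "X" * 224 + "%u9090=a"
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "06/Aug/2001:02:11:09", CR2),
    _line("203.0.113.5", "06/Aug/2001:02:15:40", "/index.html", 200),
    _line("198.51.100.23", "06/Aug/2001:03:02:51", CR1),
    _line("192.0.2.10", "06/Aug/2001:05:12:33", CR2),
    '203.0.113.77 - - [06/Aug/2001:05:30:00 -0700] "-" 408 -',
    _line("203.0.113.77", "06/Aug/2001:06:44:02", CR2),
    _line("198.51.100.23", "06/Aug/2001:07:19:18", CR1),
    _line("192.0.2.10", "06/Aug/2001:08:13:57", CR2),
    _line("203.0.113.5", "06/Aug/2001:08:20:00", "/search.cgi?q=" + "N" * 20, 200),
])

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["host"]:15} {r["hits"]:3} {", ".join(sorted(r["variants"]))} '
              f'{r["first"]:%d %b %H:%M} to {r["last"]:%d %b %H:%M}')
```

The first-seen and last-seen times give the contact something concrete to check against their own logs, and the same per-host counts document the burden if the matter ever goes further than a polite request.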

Bret is an intellectual property and Internet 
attorney, and a partner with Hancock, Rothert & 
Bunshoft. Contact him at bret(a)lextext.com. 
Joshua A. Fruhlinger

Users come to the Internet with a particular goal in mind, rather than to follow random links. These goals, or usage modes (to chat with a friend, to buy something, to look something up), are often mutually exclusive, in that users who want to chat with a friend don’t want to buy something at that time, and vice versa.

What happens, then, when a company fails to understand its users’ usage modes? An e-commerce site that includes interactive, fun, value-added features may entertain its users, but will it convert those users into profitable sales? What assumptions should you, the Web site developer, make about your users, and how should you approach additional site features and content that may be outside the realm of your site’s primary mission?

In 1999, I was a user experience director at a major consultancy that built e-commerce sites for startups. One of our clients was funded for an e-commerce product that focused on sales of exclusive live concert videos. Like a lot of people trying to create sticky experiences, we were hot on the idea of value-added content.

We built a site that included artist interviews and concert calendars alongside the site’s items for sale. We figured that by providing users with what seemed to be relevant content, we could create an experience that would keep users coming back for more.

After the site’s launch, sales numbers were respectable, but nowhere near what they could have been based on site traffic numbers. People were coming to the site in droves. They were reading all of the great content that cost the company a good deal of cash, but they weren’t buying videos. We had successfully created an impressive content destination, but the client’s e-commerce goals, the main mission of the site, weren’t met.

While the site’s content had become popular, the merchandise had not. In a scramble, we wrote some reviews about the actual shows that were featured in the site’s buyable inventory and lost all of the interviews and non-related features. Almost overnight, conversion numbers exploded. The users were still entertained, but they were being entertained in a way that supported and increased sales. We successfully turned our users into shoppers.


Four Modes For Consideration 

You can’t be the destination for all users at all times. Understanding your users’ usage modes is an important first step in determining what kinds of value-added content, site architecture, and interface paradigms you can present without distracting your users to the point of undermining a site’s primary mission.

You’ll find the four major usage modes below. Different modes can complement your site’s mission, or end up distracting users from your ultimate goal.

Entertainment. Users who seek entertainment tend to browse in a passive style that mimics the way we watch television. They’re more forgiving about download times, but they’re also more critical about content quality. You can’t get away with sloppy editorial and imagery as easily when users are in entertainment mode. Offering a rewarding entertainment experience is one of the better ways to build user loyalty, but be sure you have a reason to do so. If you’re trying to sell something, you probably don’t want to offer a 2MB QuickTime download that will remove the user from the buying process.

Entertainment destinations tend to be content heavy. Manifestations include online games, e-zines, and media download destinations. Users in entertainment mode use the most diverse collection of clients and user interfaces to access online entertainment. Media viewers (MP3 players, movie viewers, and so on), game programs with online components, and even offline applications are included here. Users in entertainment mode are also likely to follow feature links that look interesting, as they have no final destination in mind. In a sense, they’re channel surfing their favorite channels, looking for something new and interesting. However, the subject of their Internet session is predetermined. That is, a user looking for MP3 files from a particular artist isn’t likely to follow a link that leads to a site about fly fishing. Keep your contextual links in perspective, and you can keep entertainment users around for hours.

Socializing. Users in social mode seek interpersonal interaction. This manifests itself in peer-to-peer chats (instant messaging), casual emails via personal accounts, message boards, and multi-person chat rooms (IRC, Web chats). As long as social users are talking with friends as soon as possible, they’re satisfied. They have little tolerance for outside intrusions, especially advertising and other attempts to make sales.

Social destinations are often outside the realm of the Web. Instant messaging clients like AOL Instant Messenger and Yahoo! Messenger have become popular tools for social interaction online. Social destinations on the Web usually include message boards. Other Internet social destinations include Usenet and Internet Relay Chat, both accessed via client programs separate from Web browsers. For the most part, users in social mode aren’t surfing the Web. Once they launch a chat or begin to write an email, their only interface is the keyboard and a send button. These users have a very low likelihood of following unrelated links, especially advertisements.

Shopping. Users in shopping mode have credit card numbers at the ready and a critical eye on price. They’re extremely dependent on good user interfaces and are easily frustrated with poor shopping experiences. In a nutshell, they’re fickle. There are thousands of e-commerce destinations, and many of them sell the same wares. Online shoppers go to the site that offers the easiest, cheapest, and most secure shopping experience.

Online shopping destinations are virtually always e-commerce Web 
sites. Users in shopping mode have a particular product in mind when 
they log on, and price is paramount. They have spent much time 
researching the product and collecting opinions from those who already 
own it, both on and offline. Because they aren’t limited to local shops, 
they purchase from the online merchants who offer the best deal. These 
users are aware and active. They follow links that aid in their purchase, 
especially electronic coupon links and promises of big discounts. 

Researching. Users in research mode use the Internet like an encyclopedia, scouring search engines and online databases. They are looking for particular information, and will tap any Internet source, whether it’s commerce, entertainment, or information oriented.

Research destinations include search engines, news and information sites, and just about any other Internet site related to their research subject. Researchers are proactive Internet users, and are more likely to enter a term into a Web-wide search engine or drill-down via a complex taxonomy system than those in other usage modes. These users ignore links that don’t relate to their subjective search. However, they’re most likely to follow related links that lead them to another site. They’re also extremely dependent on good front- and back-end design—if they encounter long database query times and poorly designed user interfaces, they leave and look elsewhere.

Mixing Your Modes 

So you have an e-commerce site and you want your users to stick around a bit longer. You know that offering articles and downloads could be the answer, but you don’t want to distract users who are about to make a purchase. More importantly, you don’t want to obfuscate the site’s purpose.

Browsing modes determine and limit the kind of site and site features that you can present to your users. However, some browsing modes actually support one another and improve the overall user experience. Here are the two best matches, and the ways they may manifest themselves.

Entertainment and Socializing. People are happy when they’re entertained. When people feel happy, they’re social. As such, entertainment users are ripe for social site features, and you should give those users a chance to meet one another.

Magazine editors often talk about establishing a community of 
readers. Those readers, however, rarely get a chance to talk with one 
another about the subject they love. Articles and news items can be 
great catalysts for discussion, and not allowing users to express those 
thoughts diminishes your site’s function as an Internet destination. 
Allowing users to share opinions and thoughts will also help populate 
your site’s content, give you ideas for new features, and keep users 
returning to the same feature more often than they would if you left it 
static. While adding community elements to content sites isn’t a new 
concept, a surprising number of content sites don’t enable community 
interaction. 

Researching and Shopping. In a sense, shopping is a research activity. 
Shoppers determine a need for a product, they research the best fit 
within that product category, and then they determine the best price 
and source for that product. Normally, e-commerce sites can only 
provide the latter stages of the buying process, after the buyer has 
already determined a need. As such, they must compete with price cuts 
and other costly customer service measures. 

However, what if you let shoppers compare product features and read 
what others have to say about them? By adding some unbiased research 
functionality to your site, you let users do their research and make their 
purchases in one location. After all, the best salespeople are those who 
gain customers’ trust by educating them and helping them make 
informed decisions. 

Look For The Positives 

Successfully determining your users’ usage mode and providing site features that make sense while supporting your site’s mission is a major step toward providing streamlined, effective user experiences. However, keep your site’s true mission at the forefront. Are you looking to make sales? Are you trying to extend your brand? Do you want to keep users at your site as long as possible to increase advertising revenue?

Three major Web site metrics for success are customer conversions, user retention, and brand trust. Whether you run an e-commerce, content, or community site, one or all of these metrics are important in determining your site’s success.

Customer Conversions. One of the biggest pitfalls of the free nature of the Internet is that a user can come and go as he likes whether he’s about to enter a credit card number or not. Customer conversions (that is, the ratio of users you can convert from browsing to buying or participating) is an extremely important and well-known measure for success.

Your users’ usage mode is predetermined. If you can’t figure out which mode to address, you’ll see a huge negative hit on your conversion numbers. As I mentioned above, distracting buyers with unrelated content does nothing to convert them into buyers. Giving those users the tools to research, compare, and discuss the products you offer will increase conversions.

User Retention. Internet users are choosy. While some users may return 
to the same sites for their financial tools or to read news headlines, no 
site can claim a monopoly on its users’ online time. 

User retention may not be a goal of your site though, and that’s okay. 
For instance, if you’re running an e-commerce site that assumes a usage 
mode of shopping, you’re best off not expecting those users to do all 
of their shopping on your site. In fact, you want those users to complete 
their buying process as quickly as possible, even if they take off to 
another site immediately following the sale. If you’re running a content 
site, you can improve your user retention numbers by offering your 
users a chance to meet one another. 


Brand Trust. Brand trust is a composite of both customer conversions and user retention, as it depends upon them. It also depends on external factors like marketing campaigns and advertising presence that are beyond the scope of this article. What is important here is that you can establish brand trust with strategic, value-added content that supports the users’ usage mode and your site’s mission.

Brand trust is enhanced when site managers want to support user experience with research and useful content. However, that content will only improve brand trust in situations where it is unbiased and, in the best scenario, user supplied. If a manufacturer or merchant supplies the content, users are likely to see it as advertorial, undermining brand trust.

Give ’Em What They Want

Understanding and presuming usage modes is an important first step in user experience design. By giving your users what they came for, you reduce confusion and streamline the conversion process.

Consider what it means when you determine that your users are shoppers, chatters, or researchers. Undoubtedly, there are site features, content, or user interface paradigms that you can change, add, or subtract that will enable your users to complete their primary mission within that usage session.

The days of mega sites and one-stop Internet destinations are over. Just give ’em what they want.

Joshua is principal of Fruhlinger Consulting, a user experience consulting firm. He is also a writer, speaker, and creative director. You can contact him at www.fruhlinger.com.



Red Hat E-Commerce Suite
Red Hat
www.redhat.com/ecommerce
$2995

Comprehensive, Open-Source E-Commerce Suite

Figure 1. Setting available options for products is easy with the intuitive Interchange administration interface.

Red Hat is best known for its Linux distribution, to the point where
it’s sometimes mistaken for Linux itself (newbie to mailing list: “I’m
running Linux 7.0”). Red Hat’s early lead in developing a Linux OS
that’s easy to install and use resulted in the first high-profile IPO
for a Linux company. As a public company, Red Hat is painfully aware of
the limited revenue opportunities in developing and selling a Linux
distribution. No matter how popular it is, any company with a product
that can be legally installed an unlimited number of times, freely
copied, and resold by others is going to have a hard time making its
shareholders happy. Red Hat’s strategy is to become more vertically
integrated by bundling and selling applications that run on top of its
Linux OS and by offering a range of support, development, consulting,
and training services. The goal is to make money by managing and
streamlining the complexity of an application and offering a single
source of accountability for the customer. Earlier integrated products
consisted of third-party proprietary server applications bundled with
Red Hat Linux. Red Hat E-Commerce Suite is Red Hat’s most ambitious
product to date in this vein.

The product targets the small- to medium-size business market.
Companies in this market need a robust, extensible, ready-to-run,
B2B or B2C solution. However, it must be one without the cost and
complexity associated with high-end systems.

What’s Inside 

The Red Hat E-Commerce Suite is basically a shrink-wrapped bundle of
open-source software for Intel x86-based machines. It contains the Red
Hat Linux 7.1 operating system, Red Hat Database, Stronghold Secure
Apache Web Server, and the Interchange 4.8 e-commerce server. Red Hat
Database is a rebranded version of PostgreSQL 7.1.2, an ACID-compliant
relational database. PostgreSQL is one of the leading open-source
databases that’s staking out the huge middle market between Microsoft
Access on the low end and the proprietary big boys who snipe at each
other through billboard advertisements. Stronghold Secure Web Server is
the ubiquitous Apache 1.3 Web server with 128-bit SSL encryption
built in.

Interchange is a server application that was developed by Akopia, a
company Red Hat acquired earlier this year. A descendant of the
Minivend and Tallyman applications, Interchange has been around for
more than five years. Because of its longevity, Interchange is proven,
well documented, and boasts a sizable user base.

Also included in the Red Hat E-Commerce Suite bundle price are: basic
installation and configuration support (30 days via telephone, one year
via Internet), one year of software updates, a coupon for a $200
discount on an Interchange training class, and three hours of
Interchange developer consulting. The printed documentation consists of
a Getting Started pamphlet and booklets for OS installation and
Interchange administration. The suite’s individual software components
are all freely available: Red Hat hopes to lure customers with software
integration and testing, and the additional services and support. Red
Hat also offers hosting services for the E-Commerce Suite if you prefer
an ASP solution.

Installation 

The suite installation is straightforward. Booting directly from the
CD-ROM, the OS installer asks a few questions, sets up the hard drive
and network, and installs packages. The suite calls for a bare-bones
server installation. This is different from the typical Red Hat Linux
installation in that it omits the X Window System and GUI environments
like KDE or GNOME. While this installation is hardly bloated, the suite
installs some components that serve little purpose for an e-commerce
server; for example: the X font server, NFS, two different DHCP
clients, or FTP, finger, and telnet servers. Fortunately, most of these
programs are turned off by default, presenting a minimal security
threat. They are also easily removable from the system.

I was disappointed by the lack of a Logical 
Volume Manager (LVM), like those available in 
competing Linux distributions. Once reserved 
for only high end Unix operating systems, 
LVMs make disk space management simpler 
and more flexible. You can resize partitions on 
the fly, and these can span multiple, physical 
disks. Upgrading disk space is a trivial task 
with LVM, something you’ll greatly appreciate 
when the inevitable avalanche of customers 
has filled the disk space allocated to the 
database. 

Once the OS is installed and booted, you 
use another CD-ROM to install the rest of the 
suite. A single script run from the command 
line installs packages for Apache, PostgreSQL, 
Interchange, and about a dozen modules from 
the Comprehensive Perl Archive Network 
(CPAN). It would be nice if you could install 
the PostgreSQL database on a separate 
machine, as is standard practice with most 
Web applications. 
Amazingly enough, the server is complete and fully operational at this
point. You need virtually no knowledge of Linux, PostgreSQL, or Apache
to create a fully functional Web business. The E-Commerce Suite is
truly a turnkey, out-of-box solution. However, you must have some
knowledge of Linux to perform routine operations like running backups
and managing disk space. In addition, a basic level of competency with
PostgreSQL and Apache will help you customize and troubleshoot.

Insta-Store 

You only need a Web browser pointed at the 
server to build, operate, and manage an online 
store. CommerceLauncher is the Web-based 
setup wizard for Interchange. It asks you for 
information such as business contact info and 
your shipping and payment preferences. You 
can then build the product catalog either by 
uploading a Microsoft Excel spreadsheet filled 
with your product information, or by manually 
entering products one by one. Add product 
images by uploading a Zip archive containing 
the images to the server. (Although using these 
Windows-centric file formats may be distasteful 
to a Unix purist, it makes the setup experience 
as accessible and straightforward as 
possible for the vast majority of potential business 
users accustomed to Windows.) Finally, 
choose from a selection of color schemes and 
layouts, and an online store complete with 
boilerplate text (“The Internet’s premier source 
for...”) is ready for testing and modification. 

Commerce Features 

The site CommerceLauncher creates is a 
standard-looking Web storefront, complete with 
shopping carts, customer accounts, browsable 
product categories, privacy policy, and an About 
page. Other features visible to the customer 
include order tracking, returns, multiple shipping 
addresses, catalog search, and mailing list 
opt in. The store is catalog-centric, and has 
limited abilities to personalize the shopping 
experience on a per-customer basis. 

The administrative interface, shown in Figure 1, is browser-based. All
day-to-day business is conducted here: managing orders and customer
information, updating inventory, editing site content and appearance.
You can enter orders manually if sales are also conducted over the
phone or in person. A merchandising editor lets the store support
promotions, quantity pricing, upselling and cross-selling, and
affiliate programs.

On most screens, you can find context-sensitive help. You can define
multiple administrative users, and grant finely grained access controls
to these users. Three groups with different areas and access levels are
predefined: Content Manager, Merchandiser, and Sales/Orders. A simple
reporting facility generates statistics on demand, summarizing
information from tables in the database.

No out-of-box support for foreign currencies and number displays.
Linux knowledge required to maintain server.

Simple reports on orders and traffic are available by default, and
custom reports are also available. The functionality is roughly
equivalent to running SQL SELECT statements on the database.

More on Interchange

The store CommerceLauncher creates isn’t the only type of application
that you can build with Interchange. As an application server written
in Perl whose versatility is obscured by its history as a storefront
application, Interchange is something of a sleeper in the open-source
software world. Features like Web-based management and editing
facilities; separation of design, logic, and content; access controls;
and an HTML-based tag language make Interchange potentially useful for
a wide range of applications. However, its development and use have
been focused on the storefront application. The lack of features like
version control keeps Interchange from matching the competition. If Red
Hat can rally the Perl community around Interchange, add features, and
build more ready-made applications, Interchange could rapidly reach its
full potential.

Interchange can access data on any database that’s supported by Perl
and via methods like XML-RPC and SOAP. In this way, it can be
integrated with a business’ existing environment. This use of Perl
makes Interchange an attractive platform for the many IT shops that
already use Perl elsewhere for systems administration or application
development.

Why Open Source?

There’s absolutely no proprietary code in the Red Hat E-Commerce Suite
product. Components are released under a variety of licenses (GPL, BSD,
Artistic License, Apache Software License, and so on) that grant users
similar levels of freedom of use, sharing, and modification. This
licensing system would be useful if Red Hat’s support ever proved
inadequate. In such a situation, other parties are ready to step in and
do Red Hat’s job, whether you need a consulting firm or a local Perl
hacker. Open source lets Red Hat stand behind and support software that
it doesn’t own or control, the antidote to “not invented here.”
Open-source software deters vendor lock-in, and lets anyone with
sufficient technical resources take ownership of software issues.

Each component of the E-Commerce Suite is evidence that open-source
software can reliably provide much of the functionality of more
expensive alternatives, while still satisfying most users’ needs.
Although it may be more expensive than building your own from scratch,
the suite is so attractively priced that it risks being slighted by
those who equate a high price tag with quality. Red Hat has delivered
the power and stability of Linux and open source, and concurrently
shielded users from much of its complexity. Interchange is highly
polished, flexible, and extensible. The suite is ideal for anyone who
needs to start quickly, likes his or her servers to stay running,
doesn’t have a ton of cash to burn, and wants to launch a business a
little less grandiose than Amazon.com. In this economy, that could be a
very large market indeed.

-Charlie Cho

Charlie is an independent consultant living in
San Jose, CA. Email him at charlie(a)cheaux.com.
INTEGRATED DESIGN

Temper your clients’ enthusiasm with the wisdom of experience.
(Hey, at least we’re not still fighting over the <blink> tag.)

14 Ways to Talk Clients Out of Ruining Their Sites

Molly E. Holzschlag

Every design shop has dealt with a client who “knows better” than the
designer. Combine an aggressive client with an overly accommodating
designer, and the resulting site can become a primer for mistakes to
avoid.

The best shops work closely with clients to teach them the tenets of
solid Web design. But there are still plenty of novices out there. I’ve
compiled 14 of the most common client-driven site design errors.
Learning to address these issues diplomatically will mean successful
sites for your customers, and an improved reputation for your shop.

Online Resources

Here are a few examples to follow, and mistakes to avoid when working
with clients.

before you leap

Lane Stayley’s Bio Page
This page for an Alice in Chains band member is a great example of one
typeface used in a variety of weights to create a very progressive
visual design.
www.sonymusic.com/artists/AliceInChains/biolane3.html

Counterspace
Dedicated to typography and its history, this Flash-based site is a
beautiful example of design using a single typeface within each page.
www.studiomotiv.com/counterspace

DigitalWeb Magazine
An excellent magazine for Web designers, this site uses many colors,
but in an organized way to assist with orientation. But what do those
icons mean?
www.digital-web.com

A List Apart
This site works with any browser. A testimony to the benefits of
standards compliance.
www.alistapart.com

Apple
Clean design with lots of white space.
www.apple.com

Billabong USA
Makes excellent use of Flash for a very hip site.
billabong-usa.com

Nickelodeon
Nickelodeon gives kids a lot to look at. Perhaps too much.
www.nick.com

O’Reilly Networks
O’Reilly makes it tough to pin down a physical mailing address.
www.oreillynet.com

Schwab.com
Schwab offers a well-organized site map to help users along.
www.schwab.com/SchwabNOW/navigation/siteMap

Getting Edgy

Clients sometimes think that a lot of visual and dynamic effects make a
site look edgy or cool. Occasionally this is the right approach, but it
often doesn’t match user needs.

1. Splash pages. While a splash page is sometimes justifiable, for the
most part, they look dated and can be confusing. Point out that site
visitors are more apt to use information or services if they’re
accessible quickly.

2. Abstract Icons. Designers often refer to these as mystery meat.
Abstract icons are visually appealing but inappropriate for most sites.
Prepare a mockup that uses abstract icons, and one that uses the same
icons with labels cleverly integrated. This will help your client
immediately see the benefit of avoiding mystery-meat iconography. Go to
DigitalWeb Magazine (see the Online Resources box) and look at the
icons along the bottom of the home page. Sure would help to have some
indication of what these things are!

3. Non-standard fonts. Explain the technical issues surrounding
typefaces on the Web. Show clients sites that use type well. Look for
those that stick to one or two typefaces and vary the faces with
weight, letter spacing, and line height to gain an elegant, or even
radical, look. I recommend Lane Stayley’s Bio Page and Counterspace
(see Online Resources).

4. Extremely energetic colors. Your client wants colors that pop. But
of course, putting red text on a black background or using fifty colors
on a page are preludes to site failure. Explain that low contrast
degrades readability, and demonstrate how using a few simple colors can
get the job done very effectively.
5. Too many effects. One effect might be appropriate, but using too
many can confuse the site visitor and actually work against the
client’s goals. Explain the advantages and disadvantages of different
dynamic approaches. Ask your client to evaluate the purpose of each
page element, and offer ideas on how to streamline pages. Visit
Billabong USA, and show your client that while this wouldn’t work for a
financial services site, it’s a great example of marrying the audience
to a dynamic, interactive media event.

Overwhelming Users with Information

In an attempt to express everything at once, 
clients sometimes think that filling a page with 
excessive text, images, and clutter actually gets 
their message across faster. This approach is 
dangerous, and may actually dilute the site’s 
message. A few examples: 

6. Everything above the fold. When you’re 
designing a company’s site, everyone wants their 
project or department immediately visible. Just 
because newspapers try to get all of the news 
above the fold doesn’t mean the same rule 
applies to a Web site’s main page. You quickly 
lose the home page headlines in the mess—not 
to mention your visitor’s interest. Show your 
clients that short, sharp commentary works well 
when it links to more detailed information. A 
look at the clutter on Nickelodeon will help prove 
the point. 

7. Improper use of space. Web space is very 
tight. Heavy use of frames and disproportionate 
images is still common all over the Web. Take a 
piece of paper and cut it down to the size of an 
800x600 pixel space. Now fill it with cutouts 
that represent your images and text, and even 
break the space up to represent frames. Show 
your clients how cluttered the results are on 
such a small space. Then, rearrange your text 
and images using plenty of white space and 
paying close attention to the relationships 
between page elements. Seeing the results in 
tangible form can persuade your clients that 
uncluttered Web pages are much more effective. 
Look to Apple’s Web site for a clean design. 

8. Link abuse. Have your clients open up a portal page; ask them what
catches their eye and why. Get them thinking about the intelligence of
organized links and guiding the site visitor to the next logical
location within a site, rather than giving the visitor too many
options. Also, talk to clients about keeping links internal except
where clearly defined. It’s in everyone’s best interest to keep
visitors on the client’s site instead of hopping off to a competitor.
To illustrate your point, go to any portal and ask your client to count
the overwhelming number of links on each page.


Ignoring the Basics

After all these years, we’re still struggling to make our points about
basic site structure, navigation, and content integrity. Overly
enthusiastic clients, or those under pressure to get their Web site
running, often overlook the basics. Here are a few talking points that
will help you address concerns, even in a short development cycle.

9. Poor site structure. Easy navigation follows sound site structure.
Work with your clients to hash out the important areas of the site.
Then, draw up a hierarchical flow chart denoting each section of the
site, and how it will be named. This way, you and your clients work as
partners to modify and refine the site structure. Explain the necessity
of ensuring that site visitors know where they are in a site at all
times. Show clients a breadcrumb trail and a site map, like the very
helpful one at Schwab.com.

10. No contact information. Complete contact information and feedback
forms should be prominent. This sounds basic, but it’s consistently
overlooked. (Try to find a physical mailing address at O’Reilly
Networks. They’ve got a great contact page, and even directions to
their offices, but not one obvious mention of their address.) Explain
the need for a feedback form, and for a page that clearly provides
contact information for key individuals within the company, as well as
the company’s general contact information.

11. Spelling and grammar errors. You already know that spelling and
grammar count for a lot on a Web site. But unless you’re actually
creating the content for your clients, often that content contains a
lot of basic mistakes. Include editorial services as part of the entire
package. You needn’t even discuss this with clients in detail unless
they wonder why editorial services are a necessary component for the
project. However, it might be helpful to diplomatically point out
problems of this nature to clients, as it affects other collateral such
as print brochures and the like.

12. Skipping the test phase. Whenever you’re creating a site for the
general Web population, proper testing is imperative. Without a sound
testing phase, a site may not work properly in a range of browsers.
Write a testing phase into your initial proposal. Explain to clients
that during this phase you’ll test pages in a range of browsers,
validate markup, check links, and do an editorial check. Visit A List
Apart for an example of a well-tested site. A List Apart adheres to
contemporary standards and is best viewed by CSS-supportive browsers,
but is cleverly coded to be accessible to any browser.

Forgetting the User

“Know your user” is a tired phrase in the design world, but clients
aren’t as familiar with the concept. Too many companies assume they
know what their users want without having any empirical evidence. Show
them that making the site accessible and friendly is often more
important than making it pretty.

13. Ignoring accessibility. Accessibility has been discussed for years,
and many Web designers have paid attention to accessibility needs,
creating pages that are readily available to those with disabilities or
those using alternative devices. Though it may seem like common sense
to make a page accessible to every visitor, clients are often unaware
of what Web accessibility is.

14. Client-centered design. You’ve no doubt heard of user-centered
design, but how often do you get to completely apply the concept?
Clients enthusiastically back their own ideas about how the site should
look or behave. Often, those ideas are at odds with what the user
needs. Begin by providing information on the importance of the
relationship between a user and a site. Express how demographics and
usability studies can increase the usability and success of any Web
site. Collect case studies or use examples from previous, successful
client sites to demonstrate how user-centered design saves time, money,
and frustration for everyone.

Learning From Each Other

Dealing with clients can be one of the most joyous parts of Web design.
By and large, we learn a great deal from them about a range of
industries. We also are challenged to provide solutions that match
different needs. Each client gives us an opportunity to expand our
horizons. Let’s make sure we expand theirs, too.

An author, instructor, and designer, Molly has been honored by Webgrrls
as one of the 25 Most Influential Women on the Web (www.molly.com).
Designing for the Bottom Line

The selling points of hard and soft ROI


We’ve come a long way since the early, anything-goes era of the
mid-’90s, when flashy marketing sites, gratuitous JavaScript, and
gyrating logos were the norm. Thanks in no small part to a cottage
industry of usability evangelists like Jakob Nielsen and Jared Spool,
the Web community has come to accept as almost received wisdom that the
user experience approach to design is a Good Thing (with apologies to
Martha Stewart).

And a Good Thing it may well be. But can we prove it? 

Achieving ROI 

In today’s cooled-down economic climate, with Web project budgets 
under increasing scrutiny and many in-house Web teams feeling the 
fiscal chill, managers are asking tougher questions about the return on 
investment (ROI) of Web initiatives. 

“We’re seeing more managers focus on proving the business case for 
Web projects,” says Jeanine Cotter, vice-president of Web strategy and 
design for IBM.com. “Executives are asking tougher questions these 
days. Is this initiative supported by our brands and by our channels? Is 
there a revenue generation opportunity here? Have we done competitive 
benchmarking?” 

Gone are the heady days of the Big Bang Web initiative, when companies
would lavish millions on grandiose Web projects, often with fuzzily
defined goals and objectives. Increasingly, corporate investments in
Web projects are centered on focused, tactical, incremental
improvements to their current Web properties. And before they approve
those investments, managers are asking to see credible arguments for
ROI.

At Varian, a Palo Alto scientific instruments manufacturer, the
management team looks for a measurable impact on sales, call center
volumes, or tangible efficiencies for the field sales force. “From a
funding perspective...it comes down to building satisfaction with our
key audiences,” says Yvette Jenkins, manager of Varian’s Web
Communications. “Regardless of whether you’re a supplier, an investor,
a potential hire, or a customer, you need to find what you’re looking
for quickly and easily. If our site is designed well, it will reflect
our respect for each of our diverse audiences.”

For many of us in the Web design business, the challenges no longer lie
in mastering the tactics of Web design, but in learning to articulate
the business value of what we do: working with clients to set shared,
measurable objectives for our projects, and establishing follow-up
measurement frameworks to ensure that projects deliver on their
intended results.

Cost-Benefit Analysis 

Usability engineers and human factors specialists, our cousins over in 
the software industry, have spent years wrangling with the challenge of 
cost justifying user-centered design. 

A vast corpus of case study literature reveals that the cost-benefit 
return for user-centered design in software development organizations 
often approaches a ratio of 1 to 100 (or, a $100 return for every $1 
invested). This ratio is based on detailed analysis of the bottom-line 
impact of usability engineering improvements to existing software 
applications. This all sounds very well and good, but how do you 
strengthen the case for your project? 

Over the past two decades, the usability engineering community has 
evolved a set of widely agreed-upon metrics for assessing the ROI of 
user-centered design efforts in software development organizations. 
Among the key metrics analyzed by many software teams are: 

Revenue. The simplest ROI metric, sales and revenue figures provide the 
most tangible measure of bottom line impact. 

Productivity gains. Detailed calculations are used to assess performance 
improvements in terms of quantifiable productivity gains. You can also 
measure and quantify gains in user performance by using metrics such as 
time-on-task, error rates, and user training costs. 

Reduced development costs. Some studies have shown that investing 
in user-centered design actually reduces overall development costs by 
limiting the need for costly, post-release, redesign work. 

Operational efficiencies. Perhaps the biggest impact to many companies’
bottom lines comes in the form of boring, but clearly quantifiable,
savings such as lower support costs, reduced documentation distribution
costs, or lower call center volumes.


Once you’ve established the initial measurement criteria you plan to
use, analysis is the next step in framing an effective cost-benefit
argument. Two commonly employed formulas for measuring ROI are payback
period and net present value. The payback period is the amount of time
it’ll take for an investment to pay off, whether in terms of revenue,
cost savings, or other measurable efficiency gains. The net present
value method weighs a project’s anticipated cost benefits (over the
total projected product life cycle) against the total project costs. A
positive ratio indicates that the project should be a good investment.
Tried and tested, these ROI assessment methods have proven their
effectiveness in many commercial software products and internal, IT
application development organizations.

While we can learn a lot from the software industry’s approach to ROI,
these equations won’t apply neatly to all Web projects. Software
usability formulas, which are often focused on task-oriented
measurements, frequently don’t factor in the broader range of business
objectives (such as marketing and branding) that propel many Web
projects. Cost justifying user-centered design for the Web requires us
to use different calculations that are more suited to this medium’s
hybrid nature.

In Search of Soft ROI 

The easiest ROI arguments are those that come 
with dollar figures attached, often referred to 
as hard ROI. For example, when IBM carried out 
a wholesale redesign of the IBM.com site in 
1999, online sales rose by 400 percent the 
following week. That’s easy math. 

But does this kind of cold, hard math work 
for all Web projects? Not always. Many Web 
projects call for more difficult calculations that 
also factor in “soft” goals, like branding and 
market awareness. 

There’s more to ROI than simple number-crunching. An overly myopic
focus on strictly enumerable criteria may blind a management team to
crucial, but difficult-to-measure, criteria like brand values, emotive
responses, and dare one even say, aesthetics.

The unintended consequence of the usability 
movement among Web professionals has been 
a growing tendency to focus on measurable 
results alone, without factoring in the more 
elusive business goals that can inform a project. 

An old aphorism in the advertising industry 
goes something like this: “For any given advertising 
campaign waged, at least half of the 
money spent is wasted; the problem being that 
you’ll never know which half.” 


Similar conundrums face many Web projects. 
How do you measure inherently fuzzy things like 
brand awareness, industry mindshare, or 
customer satisfaction? Often referred to as soft 
ROI, these areas are where the math gets tricky. A 
few examples of soft ROI include building equity 
in a brand, improving knowledge sharing within 
an organization, and strengthening perceptions 
of a company within its industry segment. Often 
impossible to quantify using empirical methods, 
these returns can constitute the most essential 
objectives for many Web projects. 

Measuring Soft ROI 

So how do you measure results that are inherently unquantifiable?
First, be prepared to make the argument that simply because something
is difficult to measure doesn’t make it unimportant. Be confident that
soft ROI does translate into a hard impact on the bottom line; it’s
just difficult to observe.

Consider companies like Apple and Sony, for 
instance, where a strong design aesthetic lies 
at the core of each company’s brand and drives 
its approach to product development. No one 
in either company would dispute that good 
product design translates into bottom-line 
sales increases, but when it comes to distinguishing 
what’s good, strictly rational business 
formulas can’t supplant the importance of a 
good designer’s aesthetic judgment. 

Some companies have developed creative mechanisms for measuring those
soft returns. IBM conducts a worldwide brand tracking study every year,
assessing trends in customer perceptions of the brand. In 1998, IBM
started tracking the consumer awareness of IBM.com as well. Conducting
a regular random-sample telephone survey of consumers and IT purchasing
influences worldwide, IBM poses questions designed to probe these
customers’ perceptions of the company—for instance, asking whether
users perceive IBM as a technology innovator versus an old-line
mainframe and services company. Comparing responses against
respondents’ awareness of the company’s Web site, IBM researchers
observe connections between the frequency of customer exposure to the
Web site and IBM brand perceptions.

In addition, IBM has been running an online 
survey for over three years, and according to 
Cotter, the company also tracks key metrics 
like goal achievement. IBM assesses goal 
achievement by posing a simple online survey 
question to users asking whether they have 
accomplished the goals they came to the site 
to complete. IBM’s senior management 
monitors these numbers on a quarterly basis. 


When 3Com launched an extranet project designed to help its channel
partners better understand and explain complex product offerings to
potential customers, the company devised a simple method for assessing
the project’s ROI. Rather than attempt to measure success in terms of
hard dollar sales—an inherently difficult measurement, given the broad
range of factors that might affect partner sales—3Com simply surveyed
its channel partners to assess whether they believed the extranet had
improved their ability to sell 3Com products. The result: 60 percent
said yes.

Other forward-thinking companies like GE, 
Intel, and Macromedia have also embraced 
soft ROI measures as legitimate gauges for 
assessing the effectiveness of Web project 
investments. 

ROI Metrics for the Web 

Some additional measurements that come into 
play for Web projects are: 

Conversion rates. These let you track the 
number of visitors who are converted into 
customers. 

Abandoned shopping carts. On commerce sites, 
the frequency with which your visitors abandon 
their shopping carts is a key indicator of satisfaction 
with their online shopping experiences. 

By tracking decreases in the number of abandoned 
carts on your site, you can measure the 
effectiveness of improvements you’ve made to 
your customers’ online shopping experiences. 

Traffic analysis. This is a tricky indicator—and 
beware of smoke and mirrors from Web analytics 
vendors—but watching traffic patterns for 
signs of stickiness can play an important role 
in judging a site’s effectiveness. 

Usability heuristics. Derived from thousands 
of software usability studies and codified by 
usability experts like Jakob Nielsen and Bruce 
Tognazzini, usability heuristics provide an 
effective mechanism for identifying trouble 
spots in a design that may impact a project’s 
ability to deliver on its ROI goals. Some of the 
most commonly applied usability heuristics 
include system status visibility, user autonomy, 
consistency, and error prevention. 

Roll Up Your Sleeves 

Once you’ve established your business goals 
and identified a set of ROI measures for your 
project, you must design a solution that 
delivers on those goals. 

Many Web teams have developed solid 
methodologies for user-centered design, but 
those procedures typically fail to incorporate 
adequate mechanisms for measuring their 
intended business outcomes. Although design 
processes vary, to help ensure a successful 
result, Web project sponsors should work to 
align the design effort closely with the business 
case and incorporate measurable objectives 
into the design process. You can do this 
by focusing on measurements and by translating 
concrete business objectives into user 
interaction models. 

Set Parameters 

Make sure that your entire design team understands 
the project’s objectives. Team orientation 
around the business case will help ensure 
that your team works with a shared purpose 
and validates its design decisions against the 
desired corporate outcomes. 

Identify key ROI metrics. Begin with a team 
understanding of business goals and objectives, 
and set specific, measurable, ROI objectives, the 
fulfillment of which will constitute a successful 
project outcome. Factor in both hard and soft 
ROI measures, and decide on an eventual 
method for cost-benefit analysis. 

Translate business goals into user tasks. For 
example, you might interpret the business goal 
of reducing customer support costs into the 
user goal of finding sufficient support online. 
Identify these tasks, model the essential 
customer interactions to support them, and 
determine potential barriers to adoption that 
might inhibit your site’s visitors from successfully 
using a particular feature or function. 

Baseline measures. Before you design a solution, 
capture baseline measurements of the 
current situation. Without a baseline measure, it 
will be all but impossible to assess future progress. 
Tools such as user surveys and traffic 
measurements, as well as other online measurement 
tools, provide a useful starting point. 

Design the Solution 

With your business objectives, measurements, 
and task models established, you’re ready to 
initiate the formal design process. Establishing a 
solid design process can help increase your ROI 
by lowering the number of iterations the site 
must undergo before it meets business goals. 
Although you may employ your own, proprietary 
methodologies, good user-centered design 
typically involves a few of the following steps: 



User profiling. Start fleshing out your understanding 
of users in terms of their demographic 
characteristics, skill levels, attitudes, and tactical 
goals. Ethnographic or observational research 
is often useful for developing a clear picture of 
users’ needs and their work context. 

Model scenarios. Once you have a better understanding 
of your users, their needs, and their 
expectations, begin building model scenarios of 
use. Consider how, when, and why a user might 
come in contact with the product. Understanding 
the context of use gives you deeper 
insight into user behavior and expectations, and 
lets you generate ideas for features and functions 
that you hadn’t previously envisioned. 

Iterative design. Great designs evolve through 
ongoing iteration and refinement. Beware of 
quick-fix design solutions, or giving in to time 
pressures. Budget time into your schedule for 
iteration (and more iteration). 

Test with real users. Too often, companies 
think of user testing as “nice if only there were 
more time, more budget, and so on.” However, 
user testing doesn’t have to be expensive or 
time consuming. Testing can save you time and 
money by identifying potential trouble spots in 
your design that might require costly fixes and 
revisions later on. 

Measure. Once your project is complete, if 
you’ve committed to delivering on certain goals 
and objectives, now is the time to conduct 
follow-up measurements to determine whether 
your project has delivered on its stated goals. 
Gather the data to analyze whether your project 
has fulfilled its cost-benefit objectives. 

Finally 

If you’ve laid a sound foundation for carrying 
out a user-centered design project—identifying 
achievable business goals, setting up the right 
measurements framework, and tightly aligning 
those objectives with the design methodology—then 
your project stands a solid chance of 
achieving its goals. There are, of course, no 
absolute guarantees or magic formulas, but with 
the right tools, metrics, and methodologies in 
place, you’ll raise the odds of achieving that 
Watsonian ideal of doing good business. 


Alex Wright is a user experience architect who has 
built and led user-centered design teams at 
Liquid Thinking, Phoenix Pop, and IBM.com. You 
can contact him at alex@agwright.com. 

Canvas 8 
for Macintosh OS X 

Deneba Software 
www.deneba.com 

$399 


Graphics Collaboration 

More than 15 years ago, Deneba’s Canvas 
software emerged on the Macintosh platform 
with the unique distinction of combining 
bitmap and vector graphics in a single application. 
Canvas earned the reputation as a “Great 
Combiner” of tools found in other more 
focused, and often hard-to-master graphics 
packages. Deneba’s tradition of both Macintosh 
pioneering and tool assimilation continues 
with its release of Canvas 8 for Mac OS X. 
Canvas 8 is one of the first major graphics software 
releases for Apple’s new operating system. 
Unlike the “jack of all trades, master of 
none” product I expected, Canvas is an elegant 
application, with advanced tools, clever integration, 
and surprising polish. 

I reviewed the beta version of the software, 
running on a 450 MHz G4 with Mac OS X. The 
Aqua-compliant interface under OS X is lovely 
to behold. Many of the tool palettes, especially 
the color and gradient palettes, are 
simply gorgeous. Unfortunately, gorgeous 
often equals slow with OS X. Even though I 
noted some of the sluggishness that’s typical 
of OS X’s CPU-hogging eye candy, Canvas was 
responsive enough overall. 

What’s New? 

DenebaShare is perhaps Canvas 8’s most curious 
new feature. It’s an ambitious means for 
workgroups (or anyone) to share Canvas files 
over the Web. DenebaShare is similar to an 
instant messenger client, which lets you share 
graphics with people on your friends list. It’s a 
time-saving technology for collaboration, and 
hopefully, it signals a new trend of experimentation 
and more novel Internet use within 
graphics software. 

The new scripting engine within Canvas not 
only allows for individual automation, it also 
paves the way for middleware and vertical applications. 
In the Windows version, Canvas can be 
fully controlled using VBScript, JavaScript, Visual 
Basic, and other Windows Automation-compliant 
systems. Unfortunately for Mac users, it 
only supports AppleScript. For non-scripters, 
Canvas provides a Sequences tool similar to the 
History tools in other programs. Sequences can 
be saved and used by scripts as well. 

Canvas also has Flash support, which is 
exciting because Deneba has tried to make a 
more editable SWF file format. In other apps, 
SWF support is geared toward exporting a 
completely flattened, Web-ready SWF. Canvas 
provides a second option for exporting, an SWF 
Editor mode, that exports an SWF that's better 
suited for importing into the Macromedia Flash 
editing environment. 

I exported various Canvas-created artwork 
into the Flash format, and it works great. 
However, I quickly bumped up against the 
gradient-export problem that plagues vector 
programs everywhere. A gradient fill is a 
lovely way to add color complexity to vector 
artwork at a low cost to file size and complexity. 
Gradients are great, as long as you 
stay within the software that created them. 

As with most apps, each band of color in a 
gradient is converted into individual vector 
shapes. While this results in a near perfect 
transfer of the artwork, it also causes file 
bloat. Each simple shape becomes a group of 
hundreds of differently colored shapes. The 
problem is rooted in the fact that every 
vector-oriented program defines gradients in 
a completely different way. If you intend to 
use Canvas to create vector art for use in 
Flash, I recommend that you use simple, flat 
color fills on every object, and re-create gradients 
within Flash itself. 

Many Well-Organized Tools 

Based on its reputation, I expected to find a 
large array of tools from Canvas, but I was 
pleasantly surprised that some of the tools 
were so tightly integrated and complementary. 
For example, vector objects are seamlessly 
merged with Photoshop type filters through a 
“sprite effects” interface that lets you pile on 
the filters without converting the vector art 
into a pixel bitmap! I had to abandon some of 
my old assumptions when I discovered that 
seemingly disparate tools actually worked 
harmoniously together. 

Canvas 8 has a new slicing tool similar to 
those in Fireworks and Photoshop. You can 
draw rectangles to define slice regions, then 
attach URLs, define compression and file 
type, and export the whole batch of slices as 
an HTML table plus individual supporting 
graphics. 



With so many tools at your disposal, you 
may expect to have a dizzying experience 
getting up to speed with the interface. 
However, Canvas 8’s new docking bar organizes 
and reveals tool palettes and options 
well. The Docking Bar is a long strip below the 
menu bar, populated with the tab-titles of 
tool palettes. If you click on a tab, the palette 
drops down like a menu, and disappears when 
you click back on the document. However, you 
can drag the palette away from the docking 
bar at any time, and it stays open like an ordinary 
tool palette. If you wish to both close the 
palette and return it to the docking bar, a 
special button on the palette will do it for 
you. The docking bar is completely adjustable—you 
can arrange it to your whim. 
Although this is a simple thing, it makes the 
interface as organized as it is customizable 
and accessible. 

Canvas has incredibly good vector editing 
tools. They are as refined and easy to manipulate 
as any I’ve seen. One of my long standing 
gripes with products is the difficulty of selecting 
curve points and handles (I’m constantly 
inadvertently deselecting points when I try to 
drag, or vice versa). Canvas has the best-sized, 
easiest to select handles, and many nice methods 
for selecting and manipulating multiple 
points at once. 

Of the various graphics editing software 
I’ve used, Canvas 8 is the closest to 
Macromedia Fireworks, which also deftly 
combines vectors, bitmaps, and a heaping 
dose of Web-specific functionality. Fireworks 
is clearly the leader in the Web-specific production 
arena, (due to its extensive ability to 
attach Web interactivity to graphics and its 
tight integration with Dreamweaver), but 
Canvas is the better choice for more technical 
drawing and complex illustration. 

Overall, I was impressed by Canvas 8 and I 
recommend it to graphics professionals who 
are looking for a combination of value and 
variety in a single application. A dedicated 
core of Canvas fans provide good peer 
support. Deneba offers a trial version for 
evaluation, and I recommend that you download 
it and try it out. 

-Joe Sparks 

Joe is the creator of the popular Web animation 
series “Radiskull & Devil Doll.” He is also known 
for his pioneering CD-ROM games, “Spaceship 
Warlock” and “Total Distortion.” You can contact 
Joe at www.joesparks.com. 



Adobe Illustrator 10 

Adobe 

www.adobe.com 

$399 


New Tools, Mature App 

Like its predecessor, Adobe Illustrator 10 is 
striving to become the vector graphics editor of 
choice for Web developers. While it has always 
been a good multipurpose program, Adobe 
clearly considers the Internet an important 
market. Illustrator 10 integrates better with 
other Adobe Web-based tools like Atmosphere, 
LiveMotion, and GoLive. Several new features 
provide Web developers with enhancements to 
the already capable drawing and text tools. 

Tool Enhancements 

Illustrator 10 offers a complete set of tools, 
many of which were introduced in version 9, for 
the creation of Web-based graphics. Graphics 
symbols, slicing options, and exporting 
enhancements are among the most important 
of these tools. 

The use of graphics symbols is certainly 
nothing new, and the advantages are obvious 
in that it keeps files smaller and easier to 
manage. Illustrator 10 adds several features 
that turn symbols into an important design 
tool. In previous versions of Illustrator and 
most other vector drawing applications, the 
creation of similar object types has always 
been a long and strenuous process. For example, 
if you were creating a sky full of stars, 
you’d benefit from using symbols. To create 
such a scene in a traditional manner, you’d 
have to repeatedly use the copy and paste 
commands. This step alone would take considerable 
time. If you wanted the scene to 
appear even slightly natural, you’d need 
to manually manipulate the individual pasted 
objects to add some nonconformity. 

Instead of going through this long, drawn 
out process, in Illustrator 10 you can simply 
define a group of related objects. Once these 
are created, you can use the new Symbol 
Sprayer to add instances to the scene. 

After the symbols are inserted into a drawing, 
you can use raster-style paint tools to 
paint the vector-based objects. For instance, 
you can use the Symbol Screener to make the 
symbols transparent, the Symbol Stainer 
to colorize symbols, or the Symbol Styler to 
create paint-like effects. You can combine 
these tools to achieve a seemingly endless 
array of effects. Illustrator 10 uses the Symbols 
palette to manage the symbols, which you 
can share with others in a workgroup in much 
the same way that you create brush and style 
libraries. 

Illustrator 10 offers a Web-based enhancement 
in the Slicing tools that lets you break a 
Web page into smaller, independent pieces. 
This improves the user experience, as it lets 
the Web page load more quickly. Breaking a 
page up into smaller pieces is useful to a 
developer as well, because it lets you assign 
behaviors like rollover effects to specific 
sections of a page. The slices defined in 
Illustrator can be edited directly in other 
Adobe applications such as Photoshop and 
GoLive. 

Illustrator borrows another of its enhancements 
from Photoshop. It now features an 
updated Pathfinder palette with options that 
are far easier to use. Illustrator’s palette has 
new Add, Subtract, Intersect, and Exclude 
options that let you combine shapes into one 
compound shape. You can add or subtract 
elements of the compound shape, and at any 
time, you can individually edit the elements 
that make up the shape. 

Scripting Support 

In previous Illustrator versions, there was a 
Software Developers Kit (SDK) that supported 
scripting. In version 10, Adobe has integrated 
the scripting directly into Illustrator, which 
includes a 400 page Scripting Guide with the 
software. You can write scripts that take 
advantage of almost any Illustrator feature 
using one of three popular scripting languages: 
Windows Visual Basic scripting, JavaScript, 
or AppleScript. There are several ways to 
take advantage of the scripting languages, 
because you can use them to automate 
repetitive tasks. For instance, if you need to 
batch convert graphics files from TIFF to JPEG, 
you could write a script that would open 
all TIFF files in a given directory and convert 
them to JPEG. This script would save you 
from having to open and save all of the files 
individually. 

New Drawing Tools 

Illustrator 10 has added several new drawing 
tools to accompany the previously mentioned 
offerings. Instead of manually creating arcs, 
lines, or grids, you can use the new Arc, Line, 
Grid, and Polar Grid drawing tools. These 
controls don’t replace the Pen tool, which is 
still present. They simply provide an easy way 
to create the shapes they represent. 

Along with the drawing tools, Illustrator 10 
has a new Flare tool that lets you add realistic 
lens flares to a drawing. The flares are vector-based 
objects, and as such, you can fully edit 
them. They can also maintain their appearance 
while you resize them. The process of actually 
drawing the flares is simple. You begin 
by drawing the center of the flare and controlling 
the number of rays. When you’ve adjusted 
the center to your liking, with a single click you 
can specify the length of the flare and rings. 
Once you’ve created the flare, double-clicking 
on it opens the Flare Tools Options, so that you 
can adjust its many properties. 

Worth Mentioning 

In previous versions, Illustrator could export to 
both the Scalable Vector Graphics (SVG) and 
Macromedia Flash (SWF) formats—the standards 
for vector-based graphics on the Internet. Illustrator 10 
supports an enhancement in the 
exportation of SWF files. You can now generate 
an HTML file to specify the dimensions of the 
file so that the SWF file will be the correct size 
on the Web site. In addition, you can import 
SVGs, a feature that all previous versions lacked. 
Along with SWF and SVG, you can also save 
Illustrator files as complete Web pages and in 
standard formats such as GIF, JPEG, and PNG. 
Currently in Beta, Illustrator 10 is scheduled to 
be released in late 2001 (or, by the time you read 
this review). The enhancements to Illustrator 10 
make it an upgrade worth looking into. 

-Clayton Crooks 

Clayton Crooks is a freelance writer and independent 
consultant based in Knoxville, TN. You 
can reach him via email at crooks@planetc.com. 

Are consumers ready to pay for content? 

Rosenberg 


The Web’s great free-for-all is coming to a sudden, sharp end. Under 
today’s market conditions, Web companies can no longer expect to 
sustain themselves by losing ever-larger sums of money to gain 
ever-larger slices of market share. As more traditional business 
yardsticks take hold, many companies face the difficult decision to 
charge for some of their online content and services—and users have 
begun to accept that they can no longer get everything they want or 
love for free. 

Sure, the Web continues to offer a vast, unprecedented array of 
gratis material. But professionally produced sites need to pay their bills, 
and relying on advertising alone is a risky proposition in an economic 
slump. As senior vice president of editorial operations for Salon.com, 
I’ve become very familiar with these realities. For content sites like 
Salon.com, charging for subscriptions—once considered anathema on 
the Web—is now an essential move for survival. 

In April 2001, Salon launched its Salon Premium subscription service. 
For $30 a year, we offer users a package of content and services 
unavailable anywhere else. We planned, built, and deployed this project 
in three months. We made some mistakes along the way, of 
course, and learned some unexpected lessons. We also signed up 
10,000 subscribers in our first 11 weeks, and brought some critically 
valuable revenue into our company’s coffers. 

In the months since we introduced Salon Premium, a host of other 
companies—from Yahoo! to The New York Times—have announced plans 
to offer for-pay Web content. In boardrooms across the industry, it’s 
become the thing to do. But while the why is obvious, the how is 
rarely addressed. 

Obviously, ours isn’t the only way to build a for-pay site. But our 
experiences—the strategic decisions we made, the operational 
choices required to carry them out, and the technical solutions we 
adopted to make it all happen—should benefit anyone thinking of 
taking this path. 

Strategic Decisions 

In January of 2001, faced with the near-certainty that advertising in the 
coming year would be significantly reduced from previous levels, Salon’s 
senior management decided to try to augment its income by offering 
subscriptions. We already had a steady but small stream of subscription 
revenue from The Well, the venerable online community service we’d 
acquired in 1999. Figuring out how to charge for Salon itself, though, 
was a tough problem. 

We’d built Salon’s traffic steadily, from 1995 to the present, while 
operating as a free site. On a typical weekday we deliver between 1.2 and 
1.5 million pages, and our monthly unique visitors (as measured by the 
Audit Bureau of Circulations) hover between 3.5 and 4 million. We sell 
ads based on this traffic. Even in the downturn, we receive significant 
advertising revenue that we’d be crazy to throw away. 

The reality of closing the gate for most Web sites is cruel: The 
moment you start demanding a subscription fee for site entry, you 
have to figure that your traffic will be reduced by at least a factor 
of ten—even more at the start, before you’ve had time to build a 
decent subscriber base. Ad revenue depends on traffic numbers, so 
the moment you start charging for subscriptions, you cut your advertising 
dollars off at the knees. We’d watched (and criticized) our competitor 
Slate as it unsuccessfully pursued this course in 1998, then 
abandoned it. 

So how do you bring in subscription money without strangling advertising? 
Salon chose to continue operating a mostly free site. Premium 
would be an add-on, and our goals for it would be modest—we’d aim to 
augment, not replace, our advertising income. While this might not be 
as daring and dramatic as a full-bore “by subscription only” plan, it had 
the singular advantage of being realistic. After six years on the Web 
we’ve learned to base our plans on the way users actually behave, not 
how we wish they would. 

We proceeded with market research, surveying Salon’s readers in 
hopes of learning what might entice them to pony up for a premium 
service, and at what price. Of the two dozen options we suggested, two 
ranked highest: Our users wanted more in-depth political coverage, and 
they wanted the option to read our site without banners or pop-up 
advertising. The former made sense, given that our liberal-leaning readers 
had just emerged from the chaos following the 2000 Presidential 
election. The latter is surely on most Web surfers’ wish lists. 

Could we offer an ad-free edition without sacrificing revenue or alienating 
advertisers? Patrick Hurley, our senior vice president for business 
operations and one of the chief architects of Salon Premium, thought 
we could. Because we only expected 1 to 2 percent of our users to join 
the premium service, we would still have tons of free-site inventory 
available for our advertisers to buy. 

But would advertisers feel Salon Premium somehow skimmed off the 
cream of our users, demographically speaking? We reasoned that, first 
of all, the users who opted to turn off ads were those most likely to be 
turned off by them in the first place. (These are the users who bombard 
sites and advertisers alike with complaints every time they experiment 
with new ad formats and techniques.) Second, the demographics of the 
Premium subscribers are in fact a simple cross-section of Salon’s overall 
demographics—no skimming in sight. 

By the middle of February, the shape of our Premium offering 
was clear. The next hurdle was how to make it happen by April, our 
internal deadline. 


Build or Buy? 

In early March we decided to build most of Salon Premium ourselves, 
relying on partner companies only for credit-card verification and related 
details. While there’s no one-size-fits-all answer, our experiences at 
Salon.com have left us with a healthy respect for the do-it-yourself 
alternative. For all its difficulties and pitfalls, rolling your own software is, to 
paraphrase Winston Churchill’s famous line about democracy, the worst 
way to run a Web site—except for all of the others that have been tried. 

Building Salon Premium presented three big technical challenges: 

• We had to register users, process payments, and track accounts. 

• We had to gate some content to make it available only to 
subscribers. 

• We had to make the entire Salon.com site available to subscribers 
in an ad-free version. 

Having already invested in developing our own content management 
and production platform (more on this later), we knew it made 
the most sense to handle content issues in-house. Yet surely the 
accounting was a prime candidate for outsourcing: This particular set 
of problems has been addressed by thousands of other companies 
already, right? 

Yes, but. As we discussed our needs with a parade of third-party 
providers, we gradually became convinced that the roll-your-own 
approach was the only one that made sense. First and most important, 
there was timing: We needed to roll out our service in a hurry. This transition 
was our top priority—but no matter what the third-party providers 
promised, we knew we’d be one of many accounts, and even their 
most optimistic projections were slower than we knew we could 
manage on our own. 

Second, most third-party arrangements involved up-front charges and 
ongoing portions of our precious revenue. Third, each provider could 
solve a different piece of our operational needs, but none could solve all 
of them—and signing up with more than one meant adding even more 
startup time and ongoing costs. 

Finally, there was the issue of control. We had learned from bitter 
experience that trusting a critical part of your business to a third party 
is an iffy proposition. You can end up in trouble if your partners 
decide to change their business focus, or if they suffer financial setbacks. 
At worst, you can be stranded without a vital service or even 
without access to your critical data. 

In choosing to build Premium ourselves, we started with some key in-house 
assets that made the choice not only feasible, but also cheap. We 
already had a billing system for The Well that used the venerable R:Base 
package. We had the custom-built content management and production 
platform—a system we call MPS (for Millennial Production System, 
because it was developed during the year 2000 rollover). Most importantly, 
we had an enormously versatile technical staff. 

Implementing Salon Premium 

Heading up our team of developers and production engineers was 
Benjamin Grant, Salon’s vice president of technology. Grant chose to 
build our secure registration system in Java, using JavaBeans and JSP for 
our registration, encryption, login, and account preferences functionality. 
A seasoned Java developer, with experience in e-commerce and 
publishing, Grant wrote this code while our systems team deployed its 
future home, a pair of Linux servers (redundancy to ensure an always-on 
sign-up capability). 

CyberSource, our transaction processor, provided a robust Java API, 
with which Grant had previous experience. The Premium registration 
system would feed its information into The Well’s R:Base billing program, 
which would then track user accounts for billing and renewal (our 
standard subscription is for a one-year term). By using established 
JavaBean patterns for our form handlers, open-source encryption 
libraries, and JDBC drivers for access to existing database services, Grant 
prototyped the required functionality in a matter of days. 

Another motive for using Java was that, before this development 
effort, Salon didn’t have an established capability to house or host Java 
or JSP applications, because MPS relied exclusively upon Perl and 
HTML::Mason. Grant chose to introduce some diversity into Salon’s infrastructure 
for possible future use, as well as to provide an opportunity for 
production and technical staff to gain additional skills with Java. 

He chose MySQL for the membership database primarily for its 
simplicity and speed. In fact, MySQL is the database 
of choice for our front-end Web farm; we 
use it for a variety of utilitarian purposes, 
which now include the storage of subscriber 
preferences and registration logs. Our more 
complex database management needs are met 
by an Oracle installation within our production 
infrastructure, housed separately from our Web farm. 

Early on, we decided to use a cookie-based approach to subscriber 
authentication, despite the inevitable grumbling and complaints from some 
of our more cookie-paranoid users. This allowed subscribers access to a 
largely ad-free version of our site, and kept us from having to republish our 
entire site—tens of thousands of Web pages—to create this version. We 
wanted to deliver the same pages to non-subscribers and subscribers alike, 
and simply strip the ads dynamically for the latter group. To make this 
happen, our registration servers set a cookie for subscribers (who can later 
log out and back in again at will). The Web server checks for the cookie—if 
it’s present, the ad calls on the page are suppressed. 


Our production engineers, Ben Riseling and Dominic de la Cruz, know 
MPS inside out, and they shaped it to Salon Premium’s needs. A little 
background: MPS stores all of Salon’s content in Oracle, and runs a collection 
of Perl scripts to create a Web interface that editors and designers use 
to enter, edit, and publish our articles and home pages every day. It also 
incorporates HTML::Mason, an open-source project that lets us create and 
embed dynamic, Perl-based components in our pages without having to 
serve the entire site dynamically (enabling us to serve Salon efficiently 
and economically with an ensemble of six Linux boxes running Apache). 

With MPS, Mason, and Perl working together, we avoided the nightmare 
of having to maintain two parallel-universe versions of our site. 
The same tools helped us figure out how to put a gate in front of the 
new, Premium-only content that we wanted to restrict so that only paid 
subscribers could read it. MPS was built to be easily extendable, and so 
we simply created a new content type for these Premium-only stories 
and defined a new set of publishing parameters for the new content type. 

Today, when an editor sets an article’s content type as “premium,”
MPS automatically embeds a component that checks for a user’s cookie
and routes the call accordingly. Subscribers are served with the full
article text, and non-subscribers are routed to a special teaser page that
includes only the first few paragraphs of the article, along with an
invitation to subscribe. Our editors appreciated the versatility of this
approach. It lets us overlay the premium/non-premium status of stories
on top of our existing content categories, and change them as our
offering evolves. We can also change whether a particular article is premium
or not at any time, even after publication.
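
The article does not say what the cookie contains or how the component validates it. The following added example (not Salon’s code, and in Python rather than the Perl and Mason of MPS) shows one way to make such a check hold when the cookie value is under the visitor’s control: the registration server signs the subscriber id and an expiry time with HMAC, and the page component serves the full article or the ad-free page only if the signature verifies. The key, the cookie layout, the lifetime and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: one secret shared by the registration servers (which issue the
# cookie) and the Web servers (which check it). Constructed demo value.
SECRET_KEY = b"constructed-demo-key"
COOKIE_LIFETIME = 30 * 24 * 3600  # assumed validity period: 30 days


def _mac(payload: str) -> str:
    """HMAC-SHA256 over the payload, encoded so it is safe inside a cookie."""
    digest = hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii")


def issue_cookie(subscriber_id: str, now: Optional[float] = None) -> str:
    """Registration side: build 'id|expiry|mac' for a paid subscriber."""
    if not subscriber_id or "|" in subscriber_id:
        raise ValueError("subscriber id must be non-empty and contain no '|'")
    issued = time.time() if now is None else now
    payload = f"{subscriber_id}|{int(issued) + COOKIE_LIFETIME}"
    return f"{payload}|{_mac(payload)}"


def verify_cookie(cookie: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """Web-server side: return the subscriber id, or None when the cookie is
    missing, malformed, forged or expired."""
    if not cookie:
        return None
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    subscriber_id, expiry_text, mac = parts
    if not subscriber_id or not (expiry_text.isascii() and expiry_text.isdigit()):
        return None
    expected = _mac(f"{subscriber_id}|{expiry_text}")
    # Constant-time comparison, done on bytes so odd characters cannot raise.
    if not hmac.compare_digest(expected.encode("ascii"), mac.encode("utf-8")):
        return None
    current = time.time() if now is None else now
    if int(expiry_text) < current:
        return None
    return subscriber_id


def route(content_type: str, cookie: Optional[str], now: Optional[float] = None) -> str:
    """Decide what the embedded component serves, following the article's
    rules: premium stories are gated, ordinary pages only lose their ads."""
    subscriber = verify_cookie(cookie, now)
    if content_type == "premium":
        return "full_article" if subscriber else "teaser"
    return "page_without_ads" if subscriber else "page_with_ads"
```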

Launch and Beyond 

We knew that asking for and taking users’ money placed us in a very 
different relationship with them than simply delivering a free site. As 
such, we needed to provide great service with as few bugs as possible. 
And because we had announced the plan to our users in late March, 
both to prepare them and to acquire an email list of interested readers 
(which would ultimately run to several thousand names), we knew that 
the heaviest load on our system would be in the first few days. 

We had hoped to have two full weeks for testing before deploying
everything, but when does a project ever have as much testing time as
you hope for? A variety of last-minute hitches in setting up our
credit-card banking account left us with only a few days to test. I sat down,
entered my credit card number, and became subscriber number one.

We quickly fixed the more obvious bugs; it took us a few days after
launch to work out the gnarlier ones. On the registration side, we
needed to improve how we handled zip codes and postal codes for
non-U.S. subscribers. On the production side, we had to fine-tune our cookie
scheme, as reports from every possible browser/operating-system
combination poured in.

All in all, as launches go, this was the smoothest Salon had seen in 
six years online. I chalk that up to the fact that we were building new 
systems on top of our own field-tested software, rather than starting 
entirely from scratch. 

Subsequent to our Premium launch, we’ve prototyped Java code to 
interface with our publishing system’s Oracle database. We also have 
experimental services running under the Apache Project’s Cocoon and 
Tomcat application servers that render Salon’s content in XML, applying 
XSLT and XSP for form and functional purposes respectively. In the short 
term, this provides us with additional flexibility in working with content 
distribution and syndication partners. It also poises us for a future 
evolutionary transition to a dynamic, XML-based, content delivery model. 


We’ve focused on how to market Premium as well, with pitches from
well-known Salon contributors and constant additions and improvements
to the subscriber benefits—like a print-friendly text-file or PDF download of
each day’s edition. Sign-up rates, although never as meteoric as in the first
few days when we drew upon our most dedicated fans, have matched our
projections. But recently, we decided to revise our strategy even further. As
advertising became mired in a post-September 11 slump, we announced in
October our decision to make nearly all of our news and politics coverage
part of Salon Premium, in an effort to boost subscription revenue. The
flexibility of our system made this a simple change to implement.

The total cost to launch? A couple of servers and a few weeks of our
developers’ time. In other words, Salon Premium paid for itself within
hours. And though there are obviously ongoing customer support costs
and premium-only content (mostly staff-written) production costs, the
bulk of the program’s revenue goes straight to Salon’s bottom line,
providing an invaluable lifeline to carry our company through the worst
of this advertising cycle and of those yet to come.

In the end, of course, our subscription plan has worked because a
small but significant portion of our users feel that Salon is worth
supporting with their cash. That loyalty, which we feel we’ve earned
over the years through the quality of our writing, editing, and design, is
precious and irreplaceable. If you have that, the rest is just details.


Scott Rosenberg (scottr@salon.com) is Salon’s senior vice president for
editorial operations and also its managing editor. His writing has appeared
in The New York Times, Wired and many other publications.

The Return of Micropayments

Will tiny payments finally make their big debut?

Michael Hurwicz

Since the earliest days of the Web, visionaries dreamed of the
profits they’d make if only they could charge a few pennies for each
stock quote, weather update, and news story viewed by consumers.
Although that dream was lost for a few years amidst claims that
“content wants to be free,” many content providers are now showing
a renewed interest in micropayments because of floundering
advertising proceeds.

The micropayment concept is simple: Require consumers to pay a
trivial fee for each item of content they download. Over time,
those trivial fees add up to a large revenue stream for sellers. For
example, stores like Amazon.com could sell music tracks for 50 cents apiece—a
bargain for audiophiles who prefer to compile their own playlists or
just don’t want to purchase an entire album. It’s also not a bad deal for
sellers, who are freed from the expense of pressing, packaging, and
distributing physical CDs, not to mention the risk of getting stuck with
excess inventory.

Despite the potential benefits, there is a debate about whether
micropayments are feasible. Whereas prominent figures like Jakob
Nielsen and Nicholas Negroponte point out the potential in
micropayments, others argue that consumers don’t want them. In his
December 2000 essay, “The Case Against Micropayments,” Clay Shirky
claims that the micropayment is “an idea whose time has gone.”

He notes that users want easy access to content and predictable
pricing, similar to what they get with long-term subscriptions to
content. With so many different opinions, it’s hard to know who
to believe. Are micropayments an innovative idea that needs just a
little more work to succeed? Or is the concept doomed to fail due to
systemic issues?

The Failures

“There have been a number of attempts to implement micropayments,”
writes Shirky, “and they have not caught on in even in [sic] a modest
fashion.” It’s true that a small army of companies has tried to enter the
space and failed. The list is long and includes companies like Beenz,
CyberCash, Cybercent, Cybercoin, Digicash, eCharge, FirstVirtual, Flooz,
and MicroMind. Of these, only CyberCash and eCharge even have a Web
site anymore. And in the case of CyberCash, it’s mainly to announce the
company’s acquisition by VeriSign. Other players that have been around
for awhile, but have little visible market traction in the U.S., include
CyberChange (Cardis), eCash, Internet Dollar, MilliCent, Pay2See
(MicroMint), and Trivnet.

All of these companies tried (or are still trying) to bring a cash
equivalent to the Internet. The need for a cash equivalent arises from the fact
that the current equivalent, credit cards, doesn’t let companies
profitably collect on very small payments. A Gartner Group survey found that
forty percent of online merchants want to sell items for under $10 but
can’t because transaction costs would eat up all of their profits. Credit
card companies impose a transaction fee for each purchase. For example,
the average business pays credit card companies 30 cents plus 2.5
percent of the purchase for each transaction. Tiny businesses may pay up
to 3.5 percent. Some huge businesses may pay less than a percent and no
flat fee by virtue of contracts that are based on their average ticket sales.
In all cases, credit cards lose their appeal below a certain transaction
amount, usually set between $1 and $10. This is why so many merchants
require you to make a minimum purchase when you use your credit card.

Although pundits have cited various reasons for the failures in the
cash-equivalent services market, most of the explanations are
theoretical. For instance, it’s often said that users
and merchants are afraid of the unknown.
Micropayments are certainly a new and tricky
area, but the counterargument is also valid. If
fear were an absolute bar to adoption, we
wouldn’t have credit cards or debit cards,
which were both unfamiliar to consumers not
too long ago.

Similarly, it’s said that merchants don’t like
having to install special software or link their
shopping carts to the micropayment
provider’s Web site. The investment in time and
resources that new software requires does
pose a problem. However, we must remember
that when credit cards were first introduced
to brick-and-mortar businesses, store owners
didn’t like buying scanners and maintaining
data links to the verification centers. They do
it now because the profit is greater than the
investment.

As for concerns about consumer privacy,
traditional uses for credit cards carry the same
amount of risk. Stores have long been able to
track your purchases, and the physical cards
are prone to theft and abuse. In some cases,
consumers must give up more personal
information, like annual salary, when applying for a
credit card than for a micropayment system.
Through the use of strong encryption and
smart policy, a micropayment system can be as
safe as credit cards, or even more so.

Perhaps, then, the most viable argument
against micropayments is that users strongly
favor simple, predictable pricing schemes (in
other words, flat rates) and won’t accept
pay-by-the-drink methods if they have any
alternative. This argument favors subscriptions over
micropayments. The subscription model has
already been implemented by several online
content companies like the Wall Street Journal
Interactive and Salon.com. Editor & Publisher
magazine has a similar system for accessing
back issues. And by the time you read this,
Yaga, a digital content supermarket, will also
be using the subscription model.

The problem with subscription-based
content is that consumers must pay up front
for a set term, which means they can’t be sure
of what they’re buying. Although some
publications retain the same quality and focus for
years, many sites these days are changing
rapidly because of the market. People, too,
change in their tastes and needs. What a
consumer pays to download today isn’t
necessarily what she or he wants to download six
months from now.


Wireless Lessons 

Lest you think all micropayment systems have
failed, the wireless industry has made several
advancements recently. In some countries,
such as Japan and Finland, micropayments are
a popular feature of wireless telephone service.
Users of NTT DoCoMo’s wireless service can
download a variety of graphics, games, and
logos, paying a small fee for each item. The
charges are simply added to the user’s wireless
phone bill.

U.S.-based Cingular offers micropayments
for downloadable custom ring tones. For 99
cents each, you can make your cell phone ring
sound like such classics as “Hard Knock Life” or
the theme music from “Scooby Doo.” Cingular
plans to add games, logos, and graphics before
the end of the year. MP3s are also a possibility.

“We are very aggressive in pursuing content
and partnerships,” says Dahna Hull, director of
commerce development. “We want to hear
from customers, content providers, and
application developers about what they envision.”
Hull notes that the demand for ring tones has
been “unbelievable” since the first day they
were available.

It’s still too early, though, to say how many
U.S. customers would buy a variety of content
via wireless devices. In addition, it isn’t clear
whether content that can often be obtained
for free on wired networks (like stock quotes
and weather reports) can be sold on wireless
devices, says Peter Rysavy, a wireless
technologies consultant. Rysavy questions
whether there’s any content consumers want
enough that they’re willing to pay for and
receive it over relatively slow wireless
networks onto a device with a tiny screen and
keyboard. At the moment, ring tones are fun
and avoid many of the larger issues. But more
complex content will encounter market
limitations on the current generation of phones.

Buyers and sellers may also be concerned
about the security of current wireless devices.
Version 1.1 of WAP requires decryption at a
gateway typically operated by the carrier. (See
www.hurwicz.com/wireless.html). This
so-called “WAP gap” isn’t a problem for many
types of applications, like downloading
restaurant information. But for financial transactions,
the general rule is “don’t trust what you can’t
control.” WAP 1.2 and 2.0 offer potential
solutions to this problem, but they are new and
widespread implementation in wireless
networks is unlikely before the second half of
2002, according to Gartner Group.

Working Toward Standards 

Micropayment services could succeed if there 
was a standard to unite them. A lack of 
common rules has impeded the wide scale 
adoption of micropayment systems. 

At one time, the Micropayment Working
Group of the W3C attempted to create a
standard in the form of a “Common Markup for
micropayment per-fee-links.” The spec
described a set of HTML tags that are useful in
e-commerce and micropayment transactions.
Unfortunately, there were two key pieces
missing. First, there was no specification for a
Per Fee Link Handler (PFLH), a module needed
for e-wallets to initialize micropayments and
process information from the merchant
server. Second, there was no standard API to
interface an e-wallet to the PFLH, which would
make it possible to simultaneously support
multiple e-wallets within a single browser.

“The W3C spec doesn’t go far enough in 
many ways, but it provides enough of a clue at 
the markup level that browsers could provide 
useful feedback to users as to the cost of a 
link, to avoid surprises,” says Mark Manasse, 
one of the spec authors. 

The standard was never formally approved.
The most recent version is the Working Draft of
August 25, 1999. Due to a lack of
implementation and interest from the W3C membership,
the W3C E-commerce/Micropayment Activity is
now closed, reports Michel Thierry, who headed
the committee when it was active. (See
www.w3.org/e-commerce/Micropayments/Overview.html.)

Some believe that the community lost
interest not only in extending the standard, but also
in the whole concept of e-wallet plug-ins. Many
consumers haven’t reacted well to e-commerce
systems (micropayments or otherwise) that
require installing a plug-in. Bill Densmore,
founder and VP of Clickshare, a micropayments
company, refers to the e-wallet approach as “a
proven failure.”

Not everyone agrees with Densmore. 

Cartio, a spin-off from IBM’s Research
Laboratory in Haifa, Israel, is a micropayment
startup that uses the Common Markup for
Micropayment spec. With the help of
technology from NewGenPay, Cartio sells news items
from five Dutch newspapers. It’s currently
testing the micropayments system with 1100
consumers in a closed community. When it’s
satisfied with pricing, presentation, and
categorization, it will make the news system
available on a national portal. Cartio also
expects to go live with five merchants in
Europe and five in the U.S. before the end of
this year.

Still, some look forward to further progress
in standards: “I expect a new XML-based
standard to emerge, which will define the
interface between the merchant and the consumer
environments. Cartio will implement and
support that standard,” says Jean-Marc Huijskens,
CTO for Net.Actuals, a company that offers
products and services based on the Cartio
service.


Customer Exchange 

In an attempt to sidestep some of the
problems associated with e-wallets and cash
equivalents, Clickshare announced a new customer
exchange program this year. The customer
exchange concept lets consumers log on to one
Web site and continue to browse and purchase
from other sites without logging in again.

Clickshare doesn’t manage the end-user 
accounts. Instead, it acts as an intermediary 
between content owners and audience owners. 
Audience owners, such as newspapers, banks, 
telcos, publishers, and retailers already have 
billing relationships with customers, and 
manage the user accounts. This is attractive to 
audience owners, who view loyal customers as a 
strategic business asset. It’s also attractive to 
customers, who gain online payment ability 
without having to give out credit card numbers 
or other personal information to each seller. 

Clickshare relies on aggregation to keep 
costs down. Unlike an online payment service, 
which charges the sender and credits the 
receiver more or less immediately, Clickshare 
transactions are aggregated and paid as a 
single charge that is added to a bill that the 
consumer already pays each month. 

Because of aggregation, Clickshare can afford
to charge companies just 1.5 cents per
transaction. There is also a variable charge of up to 5
percent on each transaction (the higher an
item’s price, the lower the percentage), and
an initial sign-up fee of $5000. Compared to
credit cards, this fee structure offers clear
advantages for processing large numbers of small
transactions. For transactions below the 30-cent
range, Clickshare is clearly a more viable option.
According to Densmore, Clickshare can
profitably enable transactions as low as 10 cents.

The process starts with both content owners 
and audience owners installing software from 
Clickshare. The content owners mark different 
classes of content by placing them in different 
subdirectories. They then notify Clickshare of 
the price they charge for each product class. 

This system makes it easy to support various
pricing models for different products or
customers, such as free, subscription, and
pay-by-the-drink (including micropayments). Clickshare
authorizes each transaction and reports it
immediately to the audience owner. As end
users browse the audience owner’s service,
they’re notified of each item’s cost.

Content owners play the role of wholesalers
in this scenario. They can offer the same content
directly to consumers over the Web—the
equivalent of retailing. However, if their retail prices are
close to wholesale, audience owners won’t
profit, and they won’t be willing to display the
product to their customers. Displaying, in this
context, means finding the content, sorting it,
and packaging it in various ways.

Clickshare’s technology is now being used
by two major newspaper groups, Belo and
MediaNews. Uclick.com, a subsidiary of
Universal Press/Andrews McMeel, uses
Clickshare to sell premium-content
newsletters, crosswords, and other items.

Analyst Avivah Litan says Gartner Group has
had no inquiries about Clickshare from
customers so far. Nevertheless, Densmore claims
that Clickshare is overwhelmed by clients who
want the service. “Our problem is deciding
which ones to take first.”

Little Steps 

With such a great profit potential, most
observers are hopeful that a widely accepted
micropayments methodology will emerge soon. Litan
believes it’s inevitable. She’s encouraged by the
success of online payment services, like PayPal,
that make it easier for content providers to
implement commerce functionality. “It’s the
beginning of virtual cash on Internet,” says
Litan. “It will extend to large businesses, too.”

Soon, one of the biggest vendors may join the
micropayments market. Analysts have noted that
Microsoft’s Passport technology could be used
for cash as well as authentication. Microsoft isn’t
ruling out that possibility. However, Litan advises
enterprise clients to stick to pilots for now, and
tells them that they should expect to wait
perhaps two to three years to implement production
micropayment systems.

Michael (michael@hurwicz.com) is a technical
journalist and Flash animator. Visit his Web site
at www.hurwicz.com.

For paid content sites, secure handling of monetary transactions can be
a headache. A simple micropayment system might ease your pain.

MULTILINGUAL METHODS

Al Williams

Pay As You Go

More and more businesses have begun asking their users
to pay for what they receive on the Web. But for Web
developers, this introduces a whole new set of problems. I’ve
implemented a few e-commerce sites, and I know what a
headache it is to deal with issues like SSL security and
transaction processing. However, consider micropayments.
Do you really need Fort Knox security after the initial credit
card transaction has taken place?

In a micropayment scenario, you wouldn’t need a separate
transaction for every customer purchase. Users could instead
charge up their accounts with funds from a single card
transaction, and then spend online from that balance. (Several
services, like Stamps.com, already work this way.) Once
you’ve sidestepped the thorny problems of dealing with
real-world money, security concerns become much less crucial.

To demonstrate such a system, I developed a prototype
fee-based FAQ list. I decided to use Active Server Pages,
because it’s easy to use and adept at handling databases.
Along the way, I also had to mix in a bit of JavaScript on
the client side to make everything work correctly. You can
find the complete source code for the project online at
www.webtechniques.com.

The Design 

I wanted to decouple the payment collection portion, which
I didn’t prototype, from the content delivery portion. There
are four key pieces: You need a way to authenticate the user
and access his or her account balance. You also need a
database of FAQs, and a way to display the FAQs and charge a
small amount for each item. Finally, you need a mechanism
to allow free questions.

In addition, I had to think about how to handle situations
in which users want to review FAQ entries they’ve already
bought. (I could refuse to let users access a question
without paying again, but that seems rather draconian.)

I aimed to keep my SQL statements simple enough that 
it wouldn’t matter which database I used. Finally, I decided 
to let the application work either with or without frames. 

The User Interface 

Access to the system depends on authentication through a
login screen. I could have used NT authentication, or even
the personalization system that high-end Microsoft
systems provide, but these are complex and aren’t available on
all servers. Instead, I built my own simple system.

Security-conscious readers might note that my solution
isn’t perfect. The passwords aren’t encrypted and my
authentication scheme isn’t particularly resistant to
brute-force password attacks. If security is your top
concern, you would be wise to pay more attention to this
portion of your application. For example, if I were using an
Apache server (and perhaps PHP3 or Apache::ASP with
PerlScript) I might have opted for Basic authentication here.

However, remember that this application’s security 
needs aren’t as critical as those on the portion of the site 
that actually conducts credit card transactions. The only 
things being protected here are the questions and the small 
micropayment balance. It would hardly be worth 
the trouble to crack passwords for such small amounts, 
and such limited ways of spending the loot. 

In addition to the login screen, the application needs 
several other pages (you’ll find these in the online listings): 

• faq.asp. The main index of questions. 

• faqview.asp. Shows the FAQ if it’s free, or shows details 
about the particular question including the charge. 

• faqbuy.asp. This script deducts the fee from the user’s 
balance and shows the article. 

• faqacct.asp. This page displays the user’s account 
details. In actuality, this would probably have a link to 
the secure site to recharge the balance as well. 

• faqsorry.asp. This script runs when the user attempts 
to make a purchase with insufficient funds. 

• faqlogoff.asp. The user executes this script to log out. 

To simplify things, I put most of the database code in a 
single file, faqdb.asp. Every file initializes the database in 
the same way, so they can all include this file. 

If the user wants to use frames, the faq.asp screen will 
appear at the top left and the faqacct.asp script will be at 
the bottom. Answers will appear at the top right. Some of 
the code has to change when you’re using frames. For 
example, the login screen needs to target the outer frame, 
but the answers need to target the top right frame. Because 
I’m using server-side script, it’s easy to adapt the pages 
depending on the user’s preference. 

Behind the Curtain 

Obviously, all of this requires a database. The system uses 
three tables. The first, FAQ, contains the question, an 
answer, a price, and a summary that the user sees before 
purchasing. 

The second table is the Users table. This contains user 
names, passwords, and account balances. This table doesn’t 
contain credit card numbers or other sensitive information. 
A more secure system would encrypt the password, but I 
decided that someone who breaks into the database would 
be the least of my problems. 
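
The two weaknesses conceded here and in the discussion of the login screen, readable passwords in the Users table and no resistance to brute-force guessing, can both be closed with little code. The following is an added example, not one of the author’s ASP listings, written in Python; the in-memory store standing in for the Users table, the scrypt parameters and the three-strikes lockout policy are assumptions.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

MAX_FAILURES = 3        # assumed policy: lock after three wrong guesses in a row
LOCKOUT_SECONDS = 300   # assumed lockout length


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; only this value is ever stored."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def register(store: Dict[str, dict], name: str, password: str) -> None:
    """Create the user row with a per-user random salt and the derived hash."""
    salt = os.urandom(16)
    store[name] = {"salt": salt, "hash": _derive(password, salt),
                   "failures": 0, "locked_until": 0.0}


def login(store: Dict[str, dict], name: str, password: str,
          now: Optional[float] = None) -> str:
    """Return 'ok', 'denied' or 'locked'."""
    current = time.time() if now is None else now
    record = store.get(name)
    if record is None:
        # Do the same work for unknown names so timing does not reveal
        # which user names exist.
        _derive(password, b"\x00" * 16)
        return "denied"
    if current < record["locked_until"]:
        return "locked"
    if hmac.compare_digest(_derive(password, record["salt"]), record["hash"]):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    if record["failures"] >= MAX_FAILURES:
        # Too many consecutive misses: refuse all attempts for a while.
        record["locked_until"] = current + LOCKOUT_SECONDS
        record["failures"] = 0
    return "denied"
```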

The final table is the UserFAQ table. This maintains
correspondence between users and purchased articles (by
the FAQID field). The system uses this table to
decide which articles the user has already
purchased. It would be more efficient to
generate a foreign key for the user’s name and use
the foreign key (and a join) to retrieve items
from this table. However, I added it as an
afterthought and it was easier to keep the user
names in their original forms.

Version 1 

When a user logs in, the application puts a
User variable in the current session that
contains the user name. If no such variable
exists, then the user didn’t authenticate. That
also means that a login only lasts until the
session times out (typically 20 minutes, unless
the script or a server administrator changes it).
Each page has the following code at the top:

<% If Session("USER") = "" Then
     Response.Redirect("faqlogin.asp")
   End If %>

This effectively password protects all of the
pages. If the user isn’t logged in, every page
becomes the login page. Logging out is easy. The
faqlogout.asp script calls Session.Abandon to
prematurely end the user’s session.

One major database operation occurs when 
the faq.asp script shows the available articles. 
Example 1 shows an excerpt from that script, 
and you can find the entire listing online. 

If I comment out the second line of the
example, this select statement will show all of the
articles in the database. With the second line,
the query selects only articles not already bought. You
could do the same thing with a join statement,
but I wanted to keep this select in two parts.

For the first version, we won’t worry about 
the frames requirement. Eventually, though, I 
could make this select behave differently 
depending on the user’s frames choice. When 
the application uses frames, the user can easily 
see the articles that he or she has already 
bought (in the faqacct.asp script). Without 
frames, it’s a little less clear (unless you do 
another query on this page). Therefore, the 
query uses a sub-select instead of a join, which 
makes it easy to handle this modification. 

The remainder of the application is
straightforward database and HTML
manipulation. I don’t attempt to encode anything
from the database, so I can put any sort of
HTML that I choose in the articles. This also
means I have to encode entities like less-than
signs (&lt;) to keep the browser from
mistaking my text for HTML code.


Adding Frames 

To make the frame-based user interface work, I
let the user select an option on the login page.
If the option is enabled, the session receives a
new variable, Frame, and the login script
redirects to the frameset (faqframe.htm in the
online listings). Each page has subtle
modifications when frames are active. For example, it
doesn’t make sense to have command links to
view account status in the faq.asp page when
you’re using frames, as the account status is
always present.

Another problem is redirecting the command 
clicks. This requires that the script include a 
Target attribute on the links. Consider Example 
2, which is another excerpt from faq.asp. With 
no frames, this resolves into a simple hyperlink. 
With frames, the hyperlink includes a Target 
attribute to the answer frame. 

Something that might not be obvious when
you’re moving to frames is what happens when
the user’s session expires (or he or she logs
out). If the user attempts an operation after
this occurs, whichever page loads will redirect
to the login page. You don’t want the login
page to appear in one of the frames; you want
it to take over the entire browser. With a
hyperlink, you can force the browser to do this. You
can’t with a redirect.

Most frame-intensive sites have the same
issue. If a search engine, for example, brings a
user directly to an inner page, the site layout
won’t be correct. Many sites want to know
about frames to prevent other sites from
displaying their page in a frame. So the
question is, how do you know if you’re in a frame?

Luckily, this is simple with JavaScript. 
Example 3 shows a test that reveals whether or 
not the current page is in a frame. 

In the BODY tag, the page calls the function:

<BODY BGCOLOR=Cornsilk onLoad='noframe();'>

If the login page discovers it’s in a frame, it 
directs the browser to reload the page as the 
top-level document. 

Lessons Learned 

Although this FAQ system isn’t completely
secure, I think it’s as secure as it needs to be.
Unless an attacker physically intercepted
network traffic, it would be very difficult to
break into a user’s account without his or her
password. Even if an attacker gained the
password by guessing, social engineering, or reading
keys, only a minimal amount of damage could
be done.


If you’re worried, you could place an upper 
limit on the amount of money a user can keep 
in his or her account at one time. It would also 
be relatively easy to offer a monthly or annual 
subscription that would override the balance 
manipulations in faqbuy.asp. 

Active Server Pages made this project 
simple, even though it’s easy to envision the 
same task in PHP or JSP. Generally, however, 
most projects require a synergy of server-side 
and client-side scripting. In this case, the 
client-side script was minimal, but vital to the 
correct operation of the application. 

Of course, the true challenge for this application 
isn’t a technical one. The real challenge 
is identifying and producing content compelling 
enough that users will want to pay for it. 


Al is the author of many popular programming 
books. Visit Al at www.al-williams.com. 


example 1 

SQL = "Select FAQID, Question, Price from FAQ" 

' Could comment this out if you wanted or make it depend on frames 
' Session("USER") is concatenated into the query text as-is 
SQL = SQL & " Where FAQID NOT IN " & _ 
      "(Select FAQID from UserFAQ where " & _ 
      "User = '" & Session("USER") & "')" 


An excerpt from faq.asp, showing how we retrieve 
articles from the database. 


example 2 

Response.write("<A HREF=faqview.asp?FAQID=" & RS("FAQID")) 
if Session("Frame")="Y" then Response.write(" TARGET=answer ") 
Response.write(">") 


Redirecting links depending on whether the application 
is using frames. 




example 3 

if (top.location != location) 
  alert("I am in a frame"); 

The login page has this JavaScript 
function defined: 

<SCRIPT> 
<!-- 
function noframe() { 
  if (top.location != location) { 
    top.location.href = document.location.href; 
  } 
} 
//--> 
</SCRIPT> 


JavaScript to test whether the current page is 
within a frame. 
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Automated form submissions can pollute your survey data with false 
results. Screen out robots with a human-only validation technique. 


PROGRAMMING 
WITH PERL 


Randal L. 
Schwartz 


In last month’s column, I talked about implementing one 
type of survey form for customer feedback. Other types of 
forms often have ratings systems or multiple-choice values, 
which are then summarized into an average score to determine 
the most frequent responses. 

Of course, such forms are meant to be used only once 
per person. But what if some of your responses are coming 
from Web robots? A clever Perl hacker could write a ballot 
stuffing program with just a few lines of code. 

I was actually thinking about this problem the other 
day. As a human, it’s trivial for me to see an image, extract 
the text content, and type it back into a form element. 
On the other hand, that has to be reasonably difficult for an 
automated form submission robot! That got me scurrying off 
to figure out how to validate a form using an image. After a 
couple of false starts, I came up with the program presented 
in Listing 1, as a demonstration of this technique’s basics. 

Lines 1 through 3 are my standard Perl program header, 
enabling warnings, compiler restrictions, and disabling the 
buffering of STDOUT. Line 5 brings in all of the CGI shortcuts 
as functions rather than methods. 

Lines 7 through 13 give our program a bit of memory 
using the Cache::Cache module subclass, Cache::FileCache. 
The Cache::Cache suite is found in the CPAN, and is being 
actively developed by DeWitt Clinton. 

Here, we’re setting up a cache that remembers things for 
ten minutes. Once an hour, the next lucky participant gets 
to perform the housekeeping by purging old entries. This 
way, if anyone leaves in the middle of trying to present a 
survey form, the resulting mess only stays around for up to 
an hour. The namespace is also defined. It’s unique to this 
particular application, and I’ve arbitrarily called it 
antirobot. 

Beginning in line 15, we handle the image 
generation logic. Because that won’t make much sense 
until we see how the inline image is used, I’ll skip that for 
the moment, and jump down to line 44. 

Lines 44 to 46 print the standard HTTP header, the top 
of the HTML head, and an in-page first level header to label 
the page. Lines 48 to 62 handle the response to the form. 
Again, that won’t make much sense until we’ve seen the 
form, so I’ll set that aside as well. 

Lines 64 to 74 set up a $verify string and a $session 
value, and store them in the persistent cache. The verify 
string is eight random characters. To make sure it’s fairly 
distinct even in courier font, I throw out the ten confusing 
characters in the character class on line 65 (two digits, and 
four letters in both lower and upper case). The session ID is 
designed to be unguessable, so I lifted the code from 
Apache::Session (as I’ve done in past columns), to generate 
a non-predictable 64-character hex string. 

The strategy is simple. We provide a challenge (the 
$verify value) known only to the server, but keyed by the 
unique session ID (the $session value). This challenge is 
presented only as an image link, and a hidden field communicates 
the session ID from the form to the form response 
action. If the response does not match the challenge, we 
have a mismatch and must start over. 

The form must contain at least two things: an image link 
that contains the session ID, and a hidden field that contains 
that same session ID. The hidden field is set in line 73, 
and printed in line 85. The image link is generated in line 83. 
It refers back to this same script, but with trailing information 
that contains the session number followed by .png. 
Line 15 detects this on the subsequent invocation, but let’s 
finish off the form first. 

Lines 76 to 87 generate the form, including our one 
survey element: a request for the user’s favorite ice cream 
flavor. We also have to include our hidden session field, the 
link to the image, and the text field for the user’s response 
to reading the image, to determine the string in $verify. 

Let’s see how that image is generated, starting back in 
line 15. First, we notice that the script is invoked with some 
path info. For example, if the session ID were a1b2c3 (and 
assuming the script is called antirobot), we’d get the URL: 

http://www.stonehenge.com/cgi/antirobot/a1b2c3.png 

This URL was constructed in line 83, and was automatically 
adjusted for the installed location of the script. Line 
15 pulls out the /a1b2c3.png part into $info. Lines 16 
to 21 verify that this is a plausible URL for a session image. 
If not, a “404 not found” response is generated, which 
makes sense. You’ve asked for a file within a directory 
that doesn’t exist. 

Next, lines 23 to 28 extract the secret $verify string for 
this session, which was computed in the previous invocation 
and saved to the database in line 74. Again, if this 
doesn’t exist, it’s either a replay attack (a valid session key 
is being reused to submit another vote) or a forge attack (in 
which a session ID is being randomly generated to see if it 
might be a valid credential). Because of the huge number 
space of a 256-bit MD5 value, a brute force attack is unlikely 
to succeed, but in any case, we return the “404 not found” 
code here as well. (The warnings generated in line 25 would 
definitely be of some concern, however, and should be 
watched closely.) 

If we have a valid session, and therefore, the verification 
string for that session, we must next make an image of 
the string. Three popular tools for doing this are GD, 
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1 #!/usr/bin/perl -w 

2 use strict; 
3 $|++; 
4 
5 use CGI qw(:all); 
6 
7 use Cache::FileCache; 
8 my $cache = Cache::FileCache->new 
9   ({namespace => 'antirobot', 
10     username => 'nobody', 
11     default_expires_in => '10 minutes', 
12     auto_purge_interval => '1 hour', 
13    }); 
14 
15 if (length (my $info = path_info())) { # I am the image 
16   my ($session) = $info =~ m{\A/([0-9a-f]+)\.png\z}i 
17     or do { 
18       warn("bad URL $info"); 
19       print header(-status => '404 Not Found'); 
20       exit 0; 
21     }; 
22 
23   defined(my $verify = $cache->get($session)) 
24     or do { 
25       warn("Cannot find $session"); 
26       print header(-status => '404 Not Found'); 
27       exit 0; 
28     }; 
29 
30   ## make up an image from the verify string 
31   require GD; 
32 
33   my $font = GD::gdGiantFont(); 
34   my $image = GD::Image->new(2 + $font->width * length $verify, 
35                              2 + $font->height); 
36   my $background = $image->colorAllocate(0,0,0); 
37   ## $image->transparent($background); 
38   my $ink = $image->colorAllocate(255,255,255); 
39   $image->string($font, 1, 1, $verify, $ink); 
40   print header('image/png'), $image->png; 
41   exit 0; 
42 } 
43 
44 print header, 
45   start_html("Vote for your favorite!"), 
46   h1("Vote for your favorite ice cream flavor!"); 
47 
48 if (defined(my $verify = param('verify'))) { 
49   Delete('verify'); 
50   if (defined (my $session = param('session'))) { 
51     Delete('session'); 
52     if (defined (my $validate = $cache->get($session))) { 
53       $cache->remove($session); # one chance is all you get 
54       if ($validate eq $verify) { # success! 
55         ## would save param('flavor') here 
56         print h2("Thank you!"), p("Your vote has been counted."), end_html; 
57         exit 0; 
58       } 
59       print p("Sorry, please reenter the security string exactly as shown!"); 
60     } 
61   } 
62 } 
63 
64 my $verify = do { 
65   my @charset = grep !/[10joli]/i, 0..9, 'a'..'z', 'A'..'Z'; 
66   join "", map { $charset[rand @charset] } 1..8; 
67 }; 
68 
69 my $session = do { 
70   require MD5; 
71   MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); 
72 }; 
73 param('session', $session); 
74 $cache->set($session, $verify); 
75 
76 print hr, startform; 
77 print p("Your favorite ice-cream?"); 
78 print radio_group(-name => "flavor", 
79                   -values => [qw(None Other Chocolate Vanilla Strawberry)], 
80                   -default => "None", 
81                   -columns => 1); 
82 print p("For security purposes, please enter", 
83         img({src => url()."/$session.png"}), 
84         textfield(-name => "verify")); 
85 print hidden('session'); 
86 print br, submit, endform, hr; 
87 print end_html; 

Imager, and the steroid-laden Image::Magick 
modules, all found in the CPAN. As this was a 
simple task, I chose GD, which I brought in at 
line 31. I’m using a fairly recent version of GD 
that writes PNG files. Older versions generate 
the controversial GIF format, which also works. 

Line 33 selects the giant font built in to the 
GD package. Lines 34 and 35 create an image 
that’s big enough to hold the string and a 
one-pixel border. Line 36 allocates the background 
color as black (red, green, and blue 
values all zero). Line 37, when uncommented, 
makes this background transparent. I realized 
that the output would then be sensitive to 
the background color of the HTML page, so I 
commented that out at the last minute. You 
might want to experiment with it. 

Lines 38 and 39 write the string. They first 
create a white ink (red, green, and blue values 
all 255—their maximum) and use that to place a 
string, which is offset by one character in each 
direction to maintain the border. Finally, line 
40 pushes the image out with the right HTTP 
header for a PNG, and line 41 terminates this 
particular CGI invocation. 

When I was discussing this program with my 
peers, a few suggested that using an automated 
tool to perform optical character recognition 
on the image would be enough to extract the 
verification string programmatically. If someone 
is going to that extreme, and if it were 
important enough to me, I’d start using low-contrast 
letters, gradients, or background 
grids. But we’ve raised the bar to a point at 
which most people won’t bother trying to get 
around it (although a few might take it on for 
the challenge). 

Once the form is filled out, we pass it to 
the standard, response-handling structure 
beginning in line 48. First, if verify is 
returned, then it was a form response. If 
session is also included, then we fetch 
that session from the cache. If it exists, we 
remove it from the cache, thus prohibiting 
the chance of a replay attack: only one form 
response can possibly use a given session/validation 
pair. Note that there’s a very small 
time window between checking for the 
session and removing that valid session, 
which can lead to the validation of multiple 
submits. Again, if we take a little more care 
in programming, we could eliminate that 
(using a read/modify/write-locked database, 
for example), but again, I think we’ve raised 
the bar enough to deter all but the most serious 
ballot-stuffers. 
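The check-then-remove window described above can also be closed without a locking database, by making the removal itself the claim on the challenge. The following is an added example, not part of Listing 1: it assumes a hypothetical file-per-session store in place of Cache::FileCache, and the function names and sample values are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example: one-time challenge store with an atomic "consume" step.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);
use POSIX ();

# Assumption: each challenge lives in its own file inside a private
# directory. A temporary directory keeps the demo self-contained.
my $STORE = tempdir(CLEANUP => 1);

# Map a session ID to its file. Only lowercase hex is accepted, so the
# ID can never contain a path separator or "..".
sub challenge_path {
    my ($session) = @_;
    return unless defined $session && $session =~ /\A[0-9a-f]{1,64}\z/;
    return File::Spec->catfile($STORE, $session);
}

# Issue a challenge. O_EXCL makes creation fail if the session ID already
# exists, so a colliding ID cannot overwrite a live challenge.
sub store_challenge {
    my ($session, $verify) = @_;
    my $path = challenge_path($session) or return 0;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} $verify;
    return close($fh) ? 1 : 0;
}

# Check a response and burn the challenge in one step. Returns 1 only for
# the single caller that both claimed the challenge and answered correctly.
sub consume_challenge {
    my ($session, $response) = @_;
    my $path = challenge_path($session) or return 0;
    open(my $fh, '<', $path) or return 0;   # unknown, expired or already used
    my $expected = do { local $/; <$fh> };
    close($fh);

    # unlink() succeeds for exactly one process. Every other process that
    # read the same file gets 0 here and is rejected, which removes the
    # window between "get" and "remove".
    return 0 unless unlink($path) == 1;

    # The challenge is gone whether or not the answer matches:
    # one chance is all you get.
    return 0 unless defined $response && length $response;
    return (defined $expected && $response eq $expected) ? 1 : 0;
}

# Constructed demo: several processes submit the same correct answer at
# the same moment. Returns how many of them were accepted.
sub race_demo {
    my ($workers) = @_;
    my ($session, $verify) = ('a1b2c3', 'Kx7RmT9q');   # constructed values
    store_challenge($session, $verify) or die "cannot store challenge";

    my @pids;
    for (1 .. $workers) {
        my $pid = fork();
        die "fork failed: $!" unless defined $pid;
        if ($pid == 0) {
            # Child: _exit skips END blocks so the parent's temporary
            # directory is not cleaned up early.
            POSIX::_exit(consume_challenge($session, $verify) ? 0 : 1);
        }
        push @pids, $pid;
    }

    my $accepted = 0;
    for my $pid (@pids) {
        waitpid($pid, 0);
        $accepted++ if $? == 0;
    }
    return $accepted;
}

printf "accepted %d of 8 simultaneous submissions\n", race_demo(8);
printf "late replay accepted: %s\n",
    consume_challenge('a1b2c3', 'Kx7RmT9q') ? 'yes' : 'no';
```

Expiry of stale challenge files is left out here; Listing 1 gets that from the cache's default_expires_in and auto_purge_interval settings.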

In line 54, if we have a match between the 
challenge (in $validate) and the response 
(in $verify), then we have a real human who 
has correctly examined the image, figured out 
the original letters and digits, and typed 
those back in. In that case, we record the real 
human’s vote in line 55 (code not shown; you 
could save it to XML as I showed in last 
month’s column, for example). Otherwise, line 
59 punts your user back to the form again (as 
described earlier). Note that the hidden fields 
for the form values do persist, so users won’t 
need to reselect the ice cream flavor, but they 
will receive a new session ID and validation 
string. 

And there you have it. A complete implementation 
of a robot-ballot-stuffing-proof 
survey form. This will work until someone else 
publishes instructions on how to programmatically 
extract a text string from an image, 
anyway. Until then, enjoy! 

Randal (merlyn@stonehenge.com) has coauthored 
the must-have standards Programming Perl, 
Learning Perl, and Effective Perl Programming. 
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Komodo for ^ 

Linux Release Candidate 4 

ActiveState 

www.activestate.com 

$295 




Mozilla-Based IDE 

Those of us who develop applications using 
non-Windows platforms learned to develop on 
our own, which is to say, without the assistance 
of companies that make nice, graphical, integrated 
development environments (IDEs). But as 
Linux makes its presence known in the Internet 
server market, it only makes sense that development 
(and specifically, Web-scripting development) 
would gravitate toward spiffier tools that 
recognize a heterogeneous computing world. 
When Komodo—ActiveState’s cross-platform 
IDE—first emerged, it attracted attention 
because ActiveState chose to build it on Mozilla, 
the technology behind version 6 of Netscape’s 
Web browser. Mozilla’s homegrown object 
model, XPCOM, gives Komodo its flexibility. 

Comprehensive Language 
Support 

Komodo provides a range of support for various 
programming languages: Perl, PHP, Python, 
JavaScript, Tcl, and XSLT are the most fully 
supported. Python, Perl, and PHP are the most 
feature-rich languages, but only when binaries 
for each of these interpreters already exist on 
your system. In Python’s case, Komodo will 
check code syntax, highlight the reserved word, 
and auto-suggest function calls without a 
Python executable, but it won’t let the debugger 
run. For PHP, it won’t debug or check syntax 
without a PHP executable, but it will perform 
syntax highlighting and auto-completion. Perl 
is a bit different. There’s no auto-completion 
whether you have the Perl interpreter or not. 
Without the Perl interpreter, you can’t debug 
Perl scripts or check syntax automatically, but 
you can view syntax highlighting and use the 
regular expression debugger (more on this 
later). The JavaScript support is fairly handy 
with syntax checking and highlighting. Tcl is 
also supported without syntax checking or the 
debugging option. 

The XSLT features are a good addition and 
round out Komodo as a Web scripting platform. 
Komodo’s ability to debug the XML transform 
of a remote XML file with a local XSLT file is 
powerful. 


Komodo supports many other languages to 
some degree, but I don’t recommend using it for 
advanced development on most of them. For 
example, you may choose to create C++ files 
with the New button, but the only feature available 
is syntax highlighting. 

Ease of Use 

Komodo is incredibly simple to start. Upon 
launching the application, you’re presented 
with three options: Create New Project, Open 
Existing Project, and Open Sample Project. 
When you select Create, Komodo prompts you 
to choose a directory and project name. Open 
Existing Project does exactly what you’d 
expect: A dialog asks you to choose a project. 
Open Sample Project gives you access to an 
excellent set of examples covering many of 
Komodo’s features. PHP, Perl, Python, Tcl, and 
XSLT files are featured in the sample project. 

The examples within the sample project give 
you a broad overview of how you can use 
Komodo as a development environment. Using 
the sample project, I was able to identify 
syntax errors, step through programs, and 
debug regular expressions. A word of caution: 
the differences in support for each language 
can make development somewhat tricky if 
you’re using multiple programming languages. 
For example, trying to load a Perl module that 
doesn’t exist immediately triggers an alert that 
shows up as a wavy line underneath the misspelled 
or nonexistent module. Unfortunately, 
performing the equivalent in Python—loading a 
non-existent module—doesn’t trigger any sort 
of alert. 

Komodo also lets you debug Perl, Python, 
and PHP scripts remotely, though this certainly 
isn’t for wimps or developers who are 
new users of these languages. You can run a 
script on a remote machine and debug it 
locally in Komodo. For this you must change 
settings on the remote machine so that the 
respective language knows it’s being debugged 
on another machine. You can then set 
Komodo to listen for the remote program and 
react accordingly. This is somewhat difficult 
to set up, and the remote debugging feature 
may actually be worthless if you don’t have 
the required permissions on the remote 
machine. Moreover, if you’re behind a firewall, 
the value of this feature would be 
further reduced, as you would need to open 
specific ports for incoming traffic. Network 
administrators are generally loath to do this, 
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and for good reason. At the end of the day, 
however, assuming you have firewall 
compliance, requisite permissions, and the 
administrative chops to set this up, this is a 
great feature to have. Also, in fairness to 
ActiveState, many of the potholes associated 
with setting this up lie in the limitations of 
the programming languages themselves, not 
Komodo. 

Another pleasant surprise was the wealth of 
documentation available with Komodo’s online 
help. Not only does it have the standard 
rundown of how to use Komodo features, but 
it also has a reference on regular expressions 
and extensive documentation for Perl and 
Python. Missing, unfortunately, was any PHP 
documentation aside from instructions on how 
to get PHP to work with Komodo. Developers 
will have to consult the PHP Web site at 
www.php.net, which has an excellent language 
reference. 

Another missing feature that would have 
added to the Komodo experience is an interface 
to version control software, such as CVS, 
Subversion, or SourceSafe. After all, much 
development these days is accomplished in 
multi-user environments where many developers 
have access to the same files. It would be 
nice if Komodo included the ability to check in 
or check out project files. 

Overall, Komodo provides powerful features 
for anyone developing software with PHP, Perl, 
Python, Tcl, JavaScript, and XSLT. The array of 
programming languages it supports makes 
this one of the more flexible IDEs available. 

The interface is intuitive for developers who 
are learning a language as well as for those 
with more experience. However, with some 
additional features, Komodo could become 
more friendly to multi-user environments. 

-John Mark Walker 

Mark is foundry manager of SourceForge.net, a 
member site of OSDN. You can reach him at 
jmwalker@valinux.com. 
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Macromedia 

www.macromedia.com 

$1999 (three-user license) 

$499 for each additional license 

Collaborative Site Building 

Sitespring 1.0 is the newest product from 
Macromedia. It’s designed for managing Web 
site content, assigning tasks to team members, 
creating activity reports, and providing 
project file version control. Its features 
include threaded discussion lists and the 
ability for your customers to approve content 
online. Most project activity and administration 
is done via a Web browser. While this 
product doesn’t have the same flash (excuse 
the pun) as products like Dreamweaver UltraDev, 
Sitespring will make life easier for small- 
to medium-size Web teams. 

Sitespring’s installation routine is easy and 
comprehensive. I was a little apprehensive 
when I noticed that the product uses 
JavaServer Pages (JSP), because my system 
runs Microsoft Internet Information Server. 
However, my concern was groundless. The 
installer does literally all of the work to set 
up its own Java-based server. It checks the 
server for minimum requirements—at least 
256MB of RAM and the NT file system (NTFS). 
Then, the setup wizard installs and configures 
a Sybase database and Allaire’s JRun as 
the Web server environment. Before you 
know it, the installer launches the administrator’s 
login page in your default Web 
browser. The first-time system initialization 
can take some time, so take a coffee break 
before you assume that Sitespring has hung. 
Although the documentation says that the 
software requires Windows NT Server or 
Windows 2000, my copy ran fine on Windows 
XP Professional. 

Sitespring screens are crisp and businesslike. 
The colors and rollover effects keep the 
interface from being drab and utilitarian, but 
without providing so much dazzle that it’s 
distracting. Dropdown menus and cookie 
crumbs ensure efficient navigation and keep 
users oriented. 

I started as the administrator in Sitespring, 
adding a project manager with rights to add 
and remove projects, users, tasks, and to 
publish files to project sites. This is as simple 
as navigating to the User Management 
page, clicking on the Add button, and filling 
in a form. 


Next, I logged in as the project manager. 
But before you have a project to manage, you 
should have a client (or customer), so I added 
a client name first. Again, this is a simple 
HTML form with the information stored in a 
database. 

While creating my project, I consulted the 
online Help to learn these tasks faster. The Help 
screens, also in HTML and Flash, walk you 
through key steps such as setting up a new 
project and configuring tasks. The embedded 
Flash movies display the procedural steps as 
both text and animated graphics. An arrow 
points to where you should click, and the 
movie displays the application’s response. This 
kind of help is fast, simple to comprehend, and 
a great use of the technology. However, I 
confess that I’m a bit old-fashioned, and still 
appreciate that the boxed version of Sitespring 
ships with printed user manuals covering 
complex tasks. 

Once I had a client, I could add a project 
and assign myself (the project manager) as 
its owner. 

It’s common to have a project Web site as 
a virtual office or meeting room for team 
members to interact, stay current, and fetch 
design documents. Sitespring generates 
starter project sites for you with just a couple 
of mouse clicks. Locating the project site 
outside of your firewall lets you give clients 
easy access to it. With this access, they can 
send and receive files, approve changes, and 
view sample pages. A threaded discussion 
list collects comments and acts as a historical 
record of decisions and commitments. 
With Sitespring, you can configure the system 
so that the customer is intimately 
involved in approvals and discussion threads, 
but can’t see team tasks or the project status 
reports. 

I found the project site design less intuitive 
than the Sitespring interface. For example, 
I successfully uploaded a file as one user, 
but when logged on as the file’s intended 
recipient, it wasn’t clear where I could retrieve 
the file. 

Returning to the main Sitespring interface, 
I was disappointed with the project file operations. 
Sitespring’s File Explorer (a utility 
built in Flash) creates an attractive display of 
the directories and folders the project uses. 
However, as the documentation phrases it, 
“Sitespring File Explorer is not intended for 
moving, adding, or deleting files or folders.” 
Instead, File Explorer and its sidekick utility, 
Sitespring Helper, map the UNC path of the 
server’s file directories (such as \\p35op\ 
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Sitespring) to a virtual drive. You actually 
save files using Windows Explorer, which is 
conveniently opened to the chosen directory. 
This is a somewhat awkward kludge, but it 
works. You can upload files from Sitespring’s 
own browser interface, however. Editing a file 
from within File Explorer works well; Sitespring 
launches the default application for the file’s 
extension. 

Sitespring has a rudimentary version 
control system, called transparent versioning, 
that transparently monitors file directories 
and instantly grabs a safety copy whenever 
there’s a change. For example, when I copied 
a new version of lauren.png into a project 
folder, the old version immediately appeared 
as lauren-001.png in the .revisions subdirectory. 
However, you can add comments to file 
versions to explain what has changed. A 
small Information icon next to the filename 
in File Explorer indicates that there’s an 
attached comment. 

When a project member logs in, Sitespring 
displays a convenient, collapsible summary of 
personal projects, tasks, discussions, and 
reports. The entries are hyperlinked to the 
detail pages for quick access. Although 
the browser is the primary tool with which 
project members view and update their tasks, 
Dreamweaver and Dreamweaver UltraDev 
developers can do so from within those tools 
using a free, downloadable extension. 

Overall, Macromedia has produced a valuable 
and efficient tool for workgroup collaboration 
and organization. It’s easy to learn and 
works as advertised, even though the file 
operations could be improved in parts. While 
not as fun as other Macromedia products, 
Sitespring should save project teams time, so 
that they can work on more creative Web 
development tasks. You can download a trial 
copy at www.macromedia.com/software/ 
sitespring/trial. 

—Ken Cox 


Ken is a technical writer, Web developer, and 
Microsoft MVP in Toronto (kjopc@hotmail.com). 


december 2001 www.webtechniques.com 45 











infrastructure 


AT YOUR 
SERVER 


Investing in a costly J2EE application server can power up your 
infrastructure. But is it overkill? 


Jim Jagielski 


online 

resources 

Need more JavaBeans? 
How about JSPs? Try 
these links. 


It Don’t Amount 



In all aspects of life, there are status symbols: The kind of 
car you drive, the kind of house you live in, your brand of 
beer, and so on. If you have a choice, you can bet status is 
applied to the variations. Technology is no exception. 

Status symbols even exist in Web infrastructure design— 
and I’m not talking about the type of servers you’re running, 
or how much memory they have, or the kind of bandwidth 
you have access to. I'm talking about application servers. 

It’s almost a badge of honor when your site infrastructure 
has grown to include a dedicated Java 2 Enterprise 
Edition (J2EE) application server. Mention that you're using 
PHP or mod_perl—“What? Still!?!”—and it’s assumed that, 
well, you’re just not in that enterprise league yet. 

Once you do migrate to a J2EE application server, there’s 
still certification to contend with. If your server supports 
only part of the J2EE specification—say, it supports servlets 
and JavaServer Pages (JSP) but not Enterprise JavaBeans (EJB), 
or it’s not fully J2EE certified—that’s seen as a disadvantage. 

Given all of this peer pressure (both internally and externally; 
after all, how you’re perceived by your present and 
future customers is important), it isn’t a surprise that so 
many companies are implementing solutions based on high- 
end, high-priced application servers. But is that a wise choice? 
If the current market adjustment has shown us anything, it's 
that needless spending is a dangerous strategic decision. 
There are three fundamental ways of handling application 
logic: server-side scripting languages, fully certified J2EE 


serving java 


The Tomcat home page, part of the ASF’s Jakarta project. 

jakarta.apache.org/tomcat/ 

Enhydra, another open source Java/XML application server. 

enhydra.enhydra.org 

Lutris, Enhydra project sponsor and vendor of the Lutris EAS 
J2EE server. 

www.lutris.com 

Specifications for Java technologies, including JavaServer 
Pages and Java Servlets. 

java.sun.com/products/servlet/ 

java.sun.com/products/jsp/ 

Home of the Java Servlet and JSP Specifications. 

java.sun.com/j2ee/download.htmlttplatformspec/ 

The OpenEJB Open Source EJB 2.0 Container project. 

openejb.exolab.org 

The Jboss EJB Open Source Container site. Has better Tomcat 
integration than OpenEJB, at present. 

www.jboss.org 


servers, and JSP/servlet servers. Each has its niche, but one 
tends to be overlooked—to the detriment of your infrastructure, 
as well as your wallet. 

I’ve seen infrastructures based on PHP or mod_perl that 
were very much enterprise quality (whatever the heck 
that means). For those companies, the cost savings were 
significant, and they could use those extra resources on 
other, more demanding tasks. I’ve also seen companies that 
have the best software that money can buy; yet their present 
and future requirements don’t even begin to scratch 
the surface of its capacity. 

This may sound like an attack on J2EE and EJB, but I 
assure you that’s not the case. However, it is a reaction to 
the growing sentiment that unless you’re using J2EE with 
EJBs, you are, in effect, doing it wrong. 

Scripting Languages 

I disagree with the common perception that server-side 
scripting languages like ASP, PHP, or Perl are only good for 
low-end solutions. This belief may have been perpetuated 
because the so-called enterprise level solutions (most 
notably, J2EE with EJB) are so poorly suited to low-end applications 
that they’re rarely used in those cases. 

Because we see scripting used primarily in low- and mid- 
level implementations, it’s tempting to assume that’s where 
they belong. However, there are many implementations that 
I would consider high end and enterprise level that use just 
these technologies. 

The real problem with scripting solutions is that they’re 
tightly bound to a Web server. You can compartmentalize 
your code and separate the different logics as required, but 
often that isn’t enough. As your application scales, you 
need its horsepower to scale as well, without your Web 
front end tagging along for the ride. 

You can, of course, have a single public-facing Web server 
that serves as a reverse proxy to a cluster of ASP/PHP/ 
mod_perl Web/application servers on the back end. Those 
servers are still basically Web servers, they just happen to 
be handling applications. This design doesn't lend itself to a 
nice, clean division. 

J2EE with EJBs 

The high-end J2EE application servers, from such vendors 
as BEA and IBM, represent the other end of the spectrum. 
Typically, these are fully J2EE compliant, which implies 
support for EJB and messaging (because J2EE certification 
requires these capabilities). 

For those organizations that take full advantage of code 
reuse and the other capabilities of Enterprise JavaBeans, a 
certified J2EE server is a must (well, almost, as I’ll explain
later). The higher-end servers also tend to offer
more robust clustering capabilities, with failover,
fault tolerance, state and session sharing,
and high transaction throughput.

These application servers also excel at 
maintaining the separation between Web 
server and application server. Typically, front- 
end Web servers are used to pass requests via 
lower-level binary protocols to application 
servers that live safely and securely on the 
back end. 

However, in the majority of cases, these 
solutions’ most advanced capabilities (namely 
EJB) go unused. Instead, the servers are used 
almost exclusively as servlet engines. I've seen 
various analyst reports from companies like 
TechMetrix and Gartner Research indicating 
that 80 to 90 percent of the Java implementations
currently in service make no use of EJB.

And that’s the concern. Simply because an 
application server is J2EE certified doesn’t 
mean that it’s a better, faster, or more reliable 
server when it comes to JSP or servlets. 

Servlets and JSP 

Even if your infrastructure includes one or 
more J2EE servers, you should still consider 
servlet/JSP-only servers to complement your 
stable. Although I’m a big fan of commonality 
and standardization, using high-end and high-cost
J2EE servers throughout your infrastructure
to satisfy a few sparse EJB requirements
doesn’t make sense.

Servlet/JSP servers handle a wider range of
tasks in a more cost-effective and resource-efficient
manner than either of their simpler or
more advanced brothers. By offloading servlets
to a dedicated servlet/JSP server, you provide
more server resources for the true EJB runs.
Servlet engine footprints are smaller than their
J2EE-certified counterparts, as well, meaning
you can use lower-end hardware for your
application infrastructure and still receive
excellent performance.

By offloading servlet duties, chances are 
good that the server type you need to handle 
your EJB requirements can be downsized. I’ve 
seen organizations move from one heavy duty 
server running their full Java needs to two 
much smaller servers: one running a servlet 
engine and the other the J2EE implementation. 
The cost savings in hardware alone are impressive.
If you aren’t using EJB or Java messaging,
and don’t plan to in the future, the cost and
resource savings from choosing a servlet/JSP
solution over a J2EE-certified one are even
more clear.

What’s more, if you still rely on server-side
languages like PHP or ASP, these often can coexist
well with your Java servlet environment.
PHP, for example, has an extremely good Java
interface, and you can use it instead of JSP if
you like. Also, time to market is often important,
and scripting languages typically have
shorter development cycles than Java.

The Road to EJB 

If you plan to migrate to full J2EE, you needn’t 
sacrifice future growth, either. Starting your 
application development using servlet and JSP
technology makes the path to full J2EE functionality
via EJBs that much easier. True EJB
containers are currently being developed that
could be added to existing J2SE servers to
provide the missing Enterprise Bean functionality.

For example, I’ve been following ExoLab’s
OpenEJB project for a while, and it holds a lot
of promise. In addition to being a full EJB 2.0
compliant container, it supports both stateless
and stateful session beans, as well as
both Bean-managed and container-managed
persistence. JBoss is another cool EJB container.
Tomcat, in conjunction with either of
these packages, could satisfy any future application
server needs.

However, you still won't have the J2EE certification,
which can be a major factor for some.
Even though you’re using all aspects of J2EE,
there are some pretty serious conflicts between
traditional open-source licensing and the J2EE
license.

In fact, Lutris used to offer a J2EE version of 
its open-source Enhydra Java/XML server, called 
Enterprise Enhydra. Because of J2EE licensing 
restrictions, Lutris recently stopped hosting it. 
Lutris was simply unable to come up with an
open-source license that was compatible with
the J2EE terms. Either by accident or design,
J2EE licensing and certification seem to preclude
an open-source solution, regardless of
functionality. Instead, the Enhydra site now
points to the commercial, closed-source Lutris
EAS product for developers who need J2EE
functionality.

Money in the Bank 

It certainly isn’t true that in all cases you get 
what you pay for. It is a fact of life, however, 
that sometimes you have to pay for the things 
you need. I love open source, but not because 
it’s free. I have no problem paying for quality 
software and capability, but I don’t think you 
should pay for more than you’ll use. 

If you’re in the market for an application
server, or are considering streamlining your
application server infrastructure, maybe the
use of servlet/JSP servers will drastically reduce
your bottom line. More importantly, however,
this cost-effective solution might be the best
way to gain the capabilities you need, without
a lot of extra overhead.

Jim is a core developer of Apache, a member of the 
ASF board, and a senior consultant for Covalent 
Technologies. Contact him at jim(a)jaguNET.com. 


the cat’s out of the bag 


Although several Java/servlet solutions are 
available, my preferred server is Tomcat, the 
Apache Software Foundation’s Java Servlet and 
JSP reference implementation. Tomcat fully supports
standalone servlet containers, as well as
those in process and out of process.

Version 3.2.3 is the latest production release of 
Tomcat, which implements the Servlet 2.2 and 
JSP 1.1 specifications. As of this writing, the 
next big release, version 4.0, had just been 
unveiled. This version implements Servlet 2.3 
and JSP 1.2, and it also introduces Catalina, a 
new servlet container based on a completely 
redesigned architecture. 


There are a few reasons why I like Tomcat as much as I do:

• It’s incredibly stable. Any application server 
that isn’t robust is worthless. 

• It’s fast. Of course, this depends on the JVM 
you’re using, but Tomcat is an extremely 
peppy performer, even on modest hardware. 

• It’s open source. That’s good for all of the 
usual reasons. 

• It has excellent Apache integration. I’m seeing
a lot of organizations standardizing on a
Web front-end based on Apache, so the more
tightly the application server integrates
with Apache, the better.

• It’s a reference implementation of the specifications.
I don’t like worrying about vendor
specific enhancements or implementations.
By basing your application under a
reference standard, you decrease your vendor
dependency.

If you’d like to try it for yourself, Tomcat is 
available on the Apache Foundation’s Jakarta 
project home page (jakarta.apache.org). Another 
good application server you can try is Enhydra 
(www.enhydra.org). It’s also open source, and 
has a strong user and developer following. 

-JJ 
Amos Latteier


Smooth Development with Zope Page Templates


Thinking about a new templating system for your Web site? How
about one that actually fosters collaboration between designers and
programmers, instead of hindering it?

Most templating systems such as ASP, JSP, and PHP use special tags or 
entities to indicate dynamic content. Templating tags create problems. 
For instance, these special tags can turn your template into invalid 
HTML, which often upsets HTML editing tools. Your editing tools might 
not let you easily edit special tags, or worse, they might change or 
delete unrecognized tags. 

In addition, templating tags may not display correctly in Web 
browsers during the testing phase, and may also preclude you from 
including dummy content in your template. This problem limits your 
ability to develop and change templates without first connecting them 
to a working application, and may require ongoing assistance from a 
programmer or administrator. Collectively, these problems slow you 
down and restrict your ability to develop application templates as 
quickly and easily as you can develop static HTML pages. 

Introducing Zope Page Templates 

Zope Page Templates (ZPT) represents a different approach to templating.
It provides a practical way to build a presentation layer for Web
applications, while allowing HTML designers and programmers to work 
together in the development process. 

Rather than providing special tags for templating, ZPT adds attributes 
to existing tags, similarly to how CSS decorates HTML pages. By using 
attributes instead of tags, you preserve the validity of your HTML and 
dummy content. Attributes are defined in the templates’ own XML 
namespace to ensure that the attributes don’t interfere with your HTML 
or XML. Most HTML editing tools ignore ZPT attributes rather than 
removing them. Plus, you can easily preview templates in a Web 
browser, because they contain valid HTML with dummy content. 

ZPT will be built into Zope as of version 2.5. At the time of this writing,
however, you must download it from Zope.org
(dev.zope.org/Wikis/DevSite/Projects/ZPT). The rest of this article assumes that you have
Zope and Zope Page Templates up and running. But even if you don’t, 
you can still follow along and learn about how they work. 


Your First Template 

To create a template, log in to the Zope management interface and 
select Page Template from the Product Add list. Give your template the 
ID “hello.html” and the title “User Name,” then click Add and Edit. You 
will be taken to an editing screen. Change the template contents to: 

<html xmlns:tal="http://xml.zope.org/namespaces/tal">
<p tal:content="template/getUserName">username goes here</p>
</html>

Now render the template by clicking the Test tab. You should see a 
message containing your user name, for example, amos. The HTML 
source of the rendered template looks like this: 

<html> 

<p>amos</p> 

</html> 

When you render the template, the tal:content attribute replaces
the dummy contents of the HTML <p> tag with your user name. The
tal: part of the attribute name is an XML namespace prefix. It refers to
the tal XML namespace declaration, and tells Zope that the attribute is
used by ZPT. Zope doesn’t actually require that you include the HTML
namespace declaration, so we’ll omit it in the rest of the examples.

The value of the tal:content attribute refers to the getUserName
method of the current user object. Most template expressions use paths 
to reference parts of your Web application, which you can use to build 
dynamic content. Now, let’s look at an application. 

Building an MP3 Catalog 

Our example application is an MP3 catalog that lets people search for 
and download MP3 files. The application uses a single template to 
display information about all MP3s, instead of having an HTML file for
each MP3. (You can find the full code for this application online.)

For this application, we’ll rely on Marc Bowery’s “Audio” Zope
add-on (www.zope.org/Members/bowerymarc/Audio), which creates
Zope objects from audio information stored in MP3 files. Once you’ve
created an Audio object, you can apply a template to that object. This
lets you use the template to display information about the object.

For example: 

http://localhost:8080/Example/my_song.mp3/song.html 

This URL tells Zope to apply the template song.html to the Audio
object my_song.mp3.

An Application Template 

Listing 1 shows the code for an application page mock-up, consisting of a
download link and a table with information about an MP3 file. So far, this
is just a static HTML file with no dynamic content, only dummy data. Now
compare this code to Listing 2. Notice that the code in Listing 2 is still
valid HTML and still contains dummy content, but special attributes have
been added to the code’s HTML tags.

For example, the expression here/songname in line 7 tells Zope
to insert the songname property of the audio object into the <h1>
tag. The here part of the expression refers to the object to which
the template is applied (which in this case is the Audio object). The
artist and genre properties have been made dynamic in the
same way.

The album table entry is more complex. It has two kinds of dynamic
content (the album title and the year) inside one <td> tag. We can’t use
the tal:content attribute to create this element the way we’ve been
creating others, as that attribute replaces the content of a tag with
a single value. Instead, we use tal:replace. When Zope renders a
tal:replace tag, it inserts the dynamic content, but removes the
enclosing tag. The <span> tag is a good choice in this case, because
Web browsers ignore it. Hence, the template and the rendered output
look the same.

We could also get the job done by using tal:content with a
string expression. So far, all of the attribute expressions you’ve seen
consist of a path to an object property or method. Zope Page Templates
also provide you with a few other types of expressions, including
string expressions for string formatting, and python expressions for
simple Python expressions. See the TALES documentation at Zope.org
for more information on expressions.


Here’s how to use a string expression to create the album table entry: 

<td tal:content="string:${here/album} (${here/year})">Cocktail Hour (1999)</td>

The string expression references the here/album and here/year
properties and places them together in a string with parentheses around
the year. String expressions work similarly to Perl variable interpolation
inside strings.

Using Python 

The dynamic download link in Listing 2 is an interesting case. We could
have simply inserted the size with the tal:replace attribute on a
<span> tag, using the here/getSize method. However, if you tried it
you’d notice that the file size returned is way too big. The getSize
method returns the size of the MP3 file in bytes, not megabytes.

To solve this problem, we could use this Python script to do the 
conversion: 

## Script (Python) "song_megs"
"""
Size of an audio file in megabytes.
"""
megs=context.getSize() / 1048576.0
return "%.2f" % megs

This script divides the song’s size in bytes by 1,048,576 and formats
the result as a number with two decimal places. It demonstrates how Python
scripts can work as glue between your application logic (the Audio
object) and presentation (the template).

Sometimes it’s overkill to create a Python script when all you need is
a simple calculation. Python expressions let you use trivial bits of
Python in your template. Instead of writing a Python script to convert
bytes to megabytes, you can use a Python expression like so:

<span tal:replace="python:'%.2f' % (here.getSize()/1048576.0)">4.17</span>M

Python expressions begin with python: and evaluate simple
Python expressions in a security-restricted environment. This example
is about as complex as a Python expression should get. In general,

zope page templates—not just for zope anymore 


Zope is an open-source application server that helps developers create 
dynamic Web applications quickly. It supports open standards like XML- 
RPC, DOM, and WebDAV, as well as providing access to databases and 
legacy data. 

Zope Page Templates (ZPT) will be integrated as a core component of Zope
in its next release. The combination makes for a great development platform.
However, if you prefer a different environment, that won’t necessarily
stop you from enjoying ZPT’s elegant design.

As of this writing, several other application framework vendors are considering
implementing ZPT in their products. ZPT is an open standard,
described by three technical specifications. Application framework vendors
are free to implement these standards and integrate ZPT functionality
into environments other than Zope itself.


The three standards are: 

• Tag Attribute Language (TAL). Describes the template attributes. 

• TAL Expression Syntax (TALES). Describes template attribute value 
expressions. 

• Macro Expansion TAL (METAL). Describes template macro attributes. 

The specifications themselves can be found on the Zope development Web 
site, at dev.zope.org/Wikis/DevSite/Projects/ZPT/LanguageSpecifications. At 
this time, vendors of no product other than Zope itself have made formal
announcements about ZPT support; but ZPT’s designers fully expect support
to make its way into other application servers in the near future.

-AL 
Listing 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>St. Louis Blues</title>
</head>
<body>
<h1>St. Louis Blues</h1>
<table>
<tr align="left">
<th>Download</th>
<td><a href="./">StLouisBlues.mp3</a> (4.19M)</td>
</tr>
<tr align="left">
<th>Artist</th>
<td>Duke Ellington</td>
</tr>
<tr align="left">
<th>Album</th>
<td>Cocktail Hour (1999)</td>
</tr>
<tr align="left">
<th>Genre</th>
<td>Jazz</td>
</tr>
</table>
</body>
</html>


you should use expressions for presentation work and Python
scripts for application work, or when an expression would be hard
to understand.

Other Dynamic Controls 

While the template in Listing 2 doesn’t use them, ZPT offers quite
a few additional dynamic controls. You can test conditions, repeat
tags, change tag attributes, define variables, handle errors, and
much more.

For example, the tal:condition attribute displays its contents
(including enclosed tags) in the output if the condition tested is true. If
the condition is false, the tag is omitted. This is useful for displaying
warnings when certain conditions aren’t met, for example.

You can loop over sequences with the tal:repeat attribute. If you
had a getSongs component that returned a list of Audio objects,
you could loop over the list and output an HTML list item for each
Audio object.

You can also use tal:attributes to change tag attributes. For
example, suppose you had a downloadLocation component that
provided URLs to download MP3s. The tal:attributes attribute
could dynamically rewrite the HREF attribute to reflect each URL. Most
often, tal:attributes is used for changing anchor links (it’s used
in a couple of places in the full MP3 catalog application).
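
To make the attribute-based model concrete, here is an added Python sketch (not Zope's implementation and not code from the article) of a renderer for tal:content, tal:replace, tal:condition, tal:repeat and tal:attributes with path, not: and string: expressions. The Audio and Catalog classes and the sample songs are constructed stand-ins; inserted text is HTML-escaped, as the TAL specification does by default (its structure keyword is left out here), which matters because song titles come from tags inside uploaded MP3 files.

```python
import re
import xml.etree.ElementTree as ET
from html import escape

PREFIX = "{http://xml.zope.org/namespaces/tal}"

def resolve(path, names):
    """Walk a path such as here/songname, calling methods along the way."""
    steps = path.strip().split("/")
    obj = names[steps[0]]
    for step in steps[1:]:
        obj = obj[step] if isinstance(obj, dict) else getattr(obj, step)
        if callable(obj):
            obj = obj()
    return obj

def evaluate(expr, names):
    """Evaluate a path, not: or string: expression."""
    expr = expr.strip()
    if expr.startswith("python:"):
        # A bare eval() would not be a restricted environment, so refuse.
        raise ValueError("python: expressions are not supported")
    if expr.startswith("not:"):
        return not evaluate(expr[len("not:"):], names)
    if expr.startswith("string:"):
        return re.sub(r"\$\{([^}]+)\}",
                      lambda m: str(resolve(m.group(1), names)),
                      expr[len("string:"):])
    return resolve(expr, names)

def text(value):
    """Escape a value for insertion as text, so markup in data stays inert."""
    return escape(str(value), quote=False)

def render(elem, names):
    """Render one element; tal:condition is checked first, then tal:repeat."""
    plain = {k: v for k, v in elem.attrib.items() if not k.startswith(PREFIX)}
    tal = {k[len(PREFIX):]: v for k, v in elem.attrib.items() if k.startswith(PREFIX)}
    if "condition" in tal and not evaluate(tal["condition"], names):
        return ""
    if "repeat" in tal:
        var, expr = tal["repeat"].split(None, 1)
        return "".join(render_once(elem, plain, tal, {**names, var: item})
                       for item in evaluate(expr, names))
    return render_once(elem, plain, tal, names)

def render_once(elem, plain, tal, names):
    if "replace" in tal:                      # tag disappears, value remains
        return text(evaluate(tal["replace"], names))
    attrs = dict(plain)
    for spec in tal.get("attributes", "").split(";"):
        if spec.strip():
            name, expr = spec.split(None, 1)
            attrs[name] = str(evaluate(expr, names))
    if "content" in tal:                      # dummy content is thrown away
        body = text(evaluate(tal["content"], names))
    else:
        body = text(elem.text or "") + "".join(
            render(child, names) + text(child.tail or "") for child in elem)
    head = "".join(' %s="%s"' % (k, escape(v)) for k, v in attrs.items())
    return "<%s%s>%s</%s>" % (elem.tag, head, body, elem.tag)

def render_template(source, **names):
    return render(ET.fromstring(source), names)

class Audio:
    """Constructed stand-in for an Audio object (not the real add-on)."""
    def __init__(self, id, songname, album, year, size):
        self.id, self.songname, self.album, self.year, self.size = id, songname, album, year, size
    def getSize(self):
        return self.size
    def song_megs(self):
        return "%.2f" % (self.getSize() / 1048576.0)
    def downloadLocation(self):
        return "/Example/" + self.id

class Catalog:
    """Constructed container whose getSongs() returns Audio objects."""
    def __init__(self, songs):
        self.songs = songs
    def getSongs(self):
        return self.songs

TEMPLATE = """<html xmlns:tal="http://xml.zope.org/namespaces/tal">
<p tal:condition="not:here/getSongs">No songs in the catalog.</p>
<ul>
<li tal:repeat="song here/getSongs">
<a href="./" tal:attributes="href song/downloadLocation"
   tal:content="song/songname">Song Title</a>
<span tal:replace="string:${song/album} (${song/year})">Album (2000)</span>
(<span tal:replace="song/song_megs">0.00</span>M)
</li>
</ul>
</html>"""

SONGS = [  # constructed sample data; the second title mimics a hostile ID3 tag
    Audio("StLouisBlues.mp3", "St. Louis Blues", "Cocktail Hour", 1999, 4372562),
    Audio("untrusted.mp3", "<script>alert(1)</script>", "Rock & Roll", 2001, 1048576),
]
```

Calling render_template(TEMPLATE, here=Catalog(SONGS)) returns the rendered page as a string; the template itself still opens in a browser as valid markup with its dummy content.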

Using Macros

Almost all Web applications consist of a collection of Web pages. Zope
Page Templates lets you share presentation elements between
templates using macros. For example, in the MP3 catalog application
you may want all pages to include a standard navigation bar at the top
of the page. You can do this by declaring the navigation bar as a macro,
for example:

<p metal:define-macro="header">
<a href="search.html">Search</a> |
<a href="genres.html">Genres</a>
</p>


Listing 2

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title tal:content="here/songname">St. Louis Blues</title>
</head>
<body>
<h1 tal:content="here/songname">St. Louis Blues</h1>
<table>
<tr align="left">
<th>Download</th>
<td>
<a href="./" tal:content="here/getId">StLouisBlues.mp3</a>
(<span tal:replace="here/song_megs">4.17</span>M)
</td>
</tr>
<tr align="left">
<th>Artist</th>
<td tal:content="here/artist">Duke Ellington</td>
</tr>
<tr align="left">
<th>Album</th>
<td>
<span tal:replace="here/album">Cocktail Hour</span>
(<span tal:replace="here/year">1999</span>)
</td>
</tr>
<tr align="left">
<th>Genre</th>
<td tal:content="here/genre">Jazz</td>
</tr>
</table>
</body>
</html>

The metal:define-macro attribute tells Zope that the <p> tag
(including all tags contained therein) is a re-usable macro. You can use
this macro in other templates with the metal:use-macro attribute:

<p metal:use-macro="container/master.html/macros/header">
header
</p>

When Zope renders this template, it finds the header macro (located in 
the master.html template) and inserts it into the template. Macros let you 
do pretty sophisticated things, like customizing shared content. However, 
we won’t get into this level of detail in this article. See the METAL documentation
at Zope.org for more information.

Meeting of the Minds 

The beauty of the ZPT design is that it lets your Web team create 
dynamic Web pages naturally, by fostering collaboration between 
designers and programmers. The designers can work on the application’s
presentation by generating HTML mock-ups. Then, programmers
can add the attributes to make content dynamic.

The designers can always change the template without disturbing, 
or even understanding, Zope Page Templates’ special attributes. They 
can even edit templates via FTP or WebDAV, and remain blissfully ignorant
that they’re using an application server. Soon, you may even be
able to use ZPT attributes with application servers other than Zope (see
the box “Zope Page Templates-Not Just For Zope Anymore”).

I’ve only touched on the basics of ZPT here. The next release of The 
Zope Book will have a full chapter on the subject. Once you’ve experimented
with this technology, I’m sure you’ll find a ZPT-compatible
application server a worthwhile addition to your infrastructure.

Amos Latteier (amos(a)zope.com) is a programmer and writer with Zope
Corporation, based in Portland, Oregon. He has worked on Zope since
before it was called that, and he co-authored The Zope Book with Michel
Pelletier.
REVIEWS


Threshold Networks 
www.thresholdnetworks.com 

$9995 plus sliding per-node license fee. 


Easy Host Names Management 

The Edge IP is an appliance for IP management,
designed to simplify life for anyone who administers
host names and IP addresses for a large
network. If you have an IP-based network with
hundreds or even thousands of systems
connected to it, this product is designed for you.
Hook it up, switch it on, and you’re off and
running with a complete set of DNS and DHCP
services.


The Hardware 

I tested the Edge IP2000 model, which is a 2U 
(3.5-inch-high) rack mount server. It has an 
LCD display and buttons on the right. Behind 
the decorative aluminum front panel are four 
SCA drive bays. The back panel has the usual
complement of PC-style connectors, including
two 10/100 RJ-45 network connectors. The
package also contains a CD-ROM with PDF-format
documentation and a quick-start
cheat sheet.

After unbolting the lid on the Edge IP’s deep 
blue rack mount case, I found a respectable 
collection of high-end commodity PC parts. The 
test unit had a Tyan 2510 motherboard with 
dual 933MHz Pentium III processors and 2GB of 
ECC SDRAM. Two hot swap 36GB Ultra 160 SCSI
drives are connected to an IDT Vortex
controller, which is configured as a RAID-1
mirror. I’d love to have a setup like this for my
Web server. 


DNS and DHCP work; certainly nothing 
here will teach you. If you’re a newcomer 
to these protocols, you’ll definitely need to 
purchase some good network management 
books. 

This unit acts as a DNS name server and a 
DHCP address server. It also supports dynamic 
DNS. This is where the DHCP server updates 
the IP address associated with a given name 
in the DNS server, so that a name remains 
valid even after DHCP assigns a new address. 

To make it easier to integrate the server 
into your network, the Edge IP can scan your 
network. After the scan completes, you must 
manually enter the data necessary to fully 
specify the system names and whether the 
DHCP server will be supported. You can also 
fingerprint each system to determine which 
services it’s running. All data is permanently 
stored in a SQL database. You can also import 
a database from conventional Unix and NT- 
based DNS servers, or even from a text file. 

The backup button on the System Controls
menu lets you save a tar format file on your
workstation. This file contains a small set of
critical documents including the DNS configuration
files and the SQL database contents.
No other files can be modified from the Web
interface, so I suppose Threshold assumes
that you have no need to back them up. This
may be in keeping with this product’s appliance
orientation, but as a system administrator,
I’m not comfortable unless I can perform
a complete backup and restore on every
server I manage.

The Web interface also has a menu to set up 
a firewall on the Edge IP, but the user interface 
is pretty opaque. I suggest that you steer clear 
of it. Use your Edge IP as a DNS/DHCP server 
and get a separate dedicated firewall. 


Basic Operation 

Following the instructions on the cheat 
sheet, I plugged in the Edge IP, ran a network 
patch cable to my hub, and powered it up. I 
set the IP address of the server using its 
front panel controls. As instructed, I used 
Internet Explorer with the Java 1.3.0 plugin 
provided on CD-ROM. Everything worked as I 
expected. 

The Web-based interface is reasonably well 
laid out. After a few minutes of pointing and 
clicking, I could easily find my way around. I 
guess the company assumes that anyone 
buying this product already understands how 


Familiar Software 

Most of the installed software comes straight 
from the original Red Hat 6.2 disk. The kernel 
has been updated to a very recent version 
2.4.7. Likewise, the DNS and DHCP servers are
custom compiled versions of the standard ISC,
open-source, BIND package. This is a relief
because the ones in Red Hat 6.2 were buggy.
On the other hand, for some reason Threshold 
neglected to install any of the other security 
updates available from Red Hat for 6.2. There’s 
no excuse for this. 

The installed database server is MySQL
3.23.36, which is reasonably up to date. The
MySQL tables are only used for the Web interfaces.
The databases for BIND are stored in
flat text files that you have to reparse whenever
you update the files. This doesn’t affect
overall server performance because the BIND
daemons keep the entire table contents in
memory.

Pros: Industry standard, high-quality hardware and software are very reliable.

Cons: Need to keep it behind your own firewall and have the latest OS
patches installed for better security.

Support Included 

I used to support a network with around 400 
nodes on it with a 170MHz DNS server, based 
on Unix and BIND. It never broke a sweat. Given 
the hardware configuration of the Edge IP (1U
Edge 1000 has a single 800MHz processor), it
should easily support 1000 nodes. The base
price on the 1U Edge 1000 is $4995.

The minimum license fee for either model is 
for 1000 nodes and will set you back $3000. 

The fee for 10,000 nodes is $17,500. If you have 
10,000 workstations on a network, that may 
seem like a bargain. 

You could assemble your own DNS/DHCP 
server that’s similar to this one by installing 
any recent Linux distribution on it. However, 
Threshold did a reasonable job on its interface. 
Its Web interface will protect you from making 
many data entry errors, and BIND is very bad at 
dealing with many subtle typos. 

The real value-added portion of Edge IP 
comes toward the bottom of the price sheet. 
The price includes delivery, installation, and up 
to eight hours of on-site support. In most 
cases, a knowledgeable installer should be able 
to configure the Edge IP for your network, 
import an existing database if you have one, 
and still have time to show you how to perform 
basic operations. 

Would I buy one? No, I’d buy two. In the 
right situation (deeper pockets), I’d use a pair
of the 1U servers in master/slave mode to
improve redundancy. I’d be able to set them up 
quickly, and I know the software underneath is 
up to these tasks. 

—Brian Wilsoi 
Sun Netra X1 1U Sparc server

Sun 

www.sun.com 

$995 


Sun Breaks the Price Barrier 

I must admit my fondness for Sun hardware. I
ran my Web server on an old Sun 3/80 for a
couple of years, and it just cranked along. No 
crashes, no reboots. It was too slow to use as 
a workstation but it made a fine Web/email 
server. I’ve seen many a venerable Sparc 2 
pressed into service as NFS, email, and Web 
servers, long after similarly aged PCs would 
have been retired. Sun hardware has been very 
reliable for me. 

Unfortunately, although they have long life 
spans, Suns also have big price tags. The 
cheapest Ultra 5 and 10 workstations run from 
$2000 to $4000, which would buy a lot of Intel 
PCs these days. Recently, however, Sun broke 
the price barrier when it introduced the Netra
X1 rack-mount server and its cousin, the Blade
100 Workstation, at $995 each. For this review, I
put the Netra X1 through its paces.

A Look Inside 

I was immediately struck by how compact the
1U case is; it’s just 13" deep. I paused to consider
the possibility that Sun has been listening to
people who use rack mount servers. Netra X1
comes with tabs you can move to center or front
mount it. It has indicator lights on both the
front and rear panels. The serial ports use RJ45
connectors, so you can use cat 5 network cables
to connect them directly to a terminal server.

When I pulled the lid off (two thumbscrews
hold it on), I found a single CPU board with
space for up to 2GB of PC133 SDRAM (128MB is
standard), a power supply, and one 40GB
7200rpm EIDE drive. There’s room for a second
drive, but no removable media drive. The layout
is clean and simple. The CPU is a 500MHz
UltraSparc. Both the memory and the hard drive
are commodity PC parts. Even with the lid
removed, the case remained stiff; this is unusual
for a 1U case. The X1 has two tiny cooling fans
and space for a third. They’re noisy enough that
you won’t want this system near your desk.

On the back panel are two 10/100 ether
ports, two serial ports, and two USB ports.
One of the serial ports talks to a special Lights
Out Management (LOM) microcontroller that
runs whenever the system is plugged in. Even
when Netra X1 is powered down, you can check
system status and bring it up to full power by
issuing commands via the serial port. The
controller has its own event log so you can
check the last 700 or so system events at any
time. It also has a watchdog timer. You can set
the timer to automatically restart Netra X1 if it
detects that the system has stopped running.
To communicate with LOM, you just type
commands at the lom> prompt when the
main CPU is down. After booting, there is a
lom command that talks to the LOM processor.
You can change settings and read system
status. LOM is also accessible via SNMP.

The back panel also has an SCC card plugged
into a slot. This is a small card containing
the system’s identity. If you have licensed
software locked to the system serial number
(the host ID number), and your current X1 dies,
you can move the card to a new system without
worrying about updating the software
licenses. This is a neat feature if you use node-locked
software. A lot of software (both Sun
and third party) for Sun hardware requires the
host ID number. So normally, to move software
to a replacement system you must
contact each vendor and apply for replacement
license strings. When you move the SCC card
to a new system, no changes are required. To
prevent card sharing, power down the system
to remove the card; that way the system won’t
boot without the card in place.

The X1 has no CD-ROM or floppy drive. To 
recover from a disk crash, you have to boot 
over the network from a Solaris install server. 
An install server is a system that has been set 
up with special server software and a full copy 
of Solaris 8 installation media. The install 
server can be Sparc or Intel based, but it has 
to be running Solaris, too. Barring hard drive 
crashes, you rarely need an install server. 
However, setting one up is not a trivial task. 

Power Up 

After replacing the lid, I followed the instructions 
on the big multilingual poster in the box. 
The instructions condense to three steps. First, 
install it, then configure it, and finally, visit our 
Web site for more help. 

On the poster, Sun should mention that for 
step two, you need to connect the serial port to 
a PC terminal program and answer about 20 
questions. This is the same information you 
need to enter from the console of any Sun 
machine. If you’re used to Solaris, it’s no big 
deal, but the user interface is clunky by modern 
standards. 

Once I had the Netra X1 running, I poked 
around to see what software was pre-installed. 

Pros: Good hardware to add to your server farm. Solid Solaris 8 operating system. 

Cons: No software other than Apache is preinstalled. 



Solaris has long had a reputation of being one 
of the most stable operating systems around, 
especially when it’s running on Sparc hardware. 
That’s why most people want a Netra 
X1. I’ve become spoiled by Linux, where 
distributors compete to see who can add the 
most extra goodies. Then again, there are still 
areas that are just shaping up on Linux that 
have been solid on Solaris for years (NFS 
comes to mind). For a server, stability may be 
more important than lots of features, but all 
the same, I miss the features! Solaris 8 does 
come with Apache 1.3.12, and I managed to 
find it and start it. I was hoping for a rich, 
interactive online help system to guide my 
further explorations, but instead I got the 
standard Apache “It worked!” page. 

When I talked with Sun’s reps, they told 
me that the X1 was targeted at two groups. 
The first target is Sun shops that want to add 
a server or two to perform some dedicated 
function, such as a DNS or NIS server, or 
perhaps a small Web server or Web cache. 
Second, by offering a low cost server, Sun 
wanted to attract folks who are currently 
using Windows or Linux/Intel servers and get 
them to try Solaris on Sparc hardware. Sun 
shops will no doubt find Netra X1s handy and 
cost effective. The shops will already have 
Sparc code development software, file 
servers, and back-up systems in place, so 
adding one or many X1s will be easy. Using an 
X1 as a compute server is especially easy if 
you already run Sun NIS+ directory services 
and share disk space via NFS. 

Alternatively, if you have a burning desire 
to own your first Sparc system, you should 
test the waters with a system like the 
SunBlade 100. This system is equipped with 
a bootable CD-ROM so that you can re-install 
Solaris if necessary. Although Netra X1 comes 
with Solaris 8 preinstalled, it’s a blank slate, 
and you’ll have to do some work to make it 
useful. 

-Brian Wilson 


Brian is cofounder of Harbro Systems. Write to 
him at bwilson(a)harbrosystems.com. 


Eugene Eric Kim 

The Intellectual Foundation 
of Information Organization 

By Elaine Svenonius 
The MIT Press, 2000, 255pp. 

$37 

This month’s review is about philosophy, and 
why you—whether you’re a Web developer, Web 
user, or overall Web junkie—should care. It 
starts with a question posed by Elaine Svenonius 
in The Intellectual Foundation of Information 
Organization. Svenonius asks, was Lewis 
Carroll the same person as Charles 
Lutwidge Dodgson? For example, if you 
were to search for books written by 
Lewis Carroll, would you want the search 
engine to return books written by Charles 
Lutwidge Dodgson as well? 

According to the second edition of the 
Anglo-American Cataloging Rules, the answer is 
no. A search for books written by Lewis Carroll 
would return Alice in Wonderland, but not Euclid 
and his Modern Rivals. For the latter, you would 
have to search for books written by Dodgson. 

Whether or not you agree with this rule, we 
can all agree that organizing information can be 
confusing. And the mountain of bits steadily 
accumulating on the Internet and in our email 
and Web browsers is only making the task 
harder. 

Fortunately, a small segment of our population, 
librarians, has been dealing with the problem 
of information organization since 2000 
B.C. Who better to turn to in our time of need 
than people with thousands of years of accumulated 
expertise and experience? 

Applying our conceptual understanding of 
information organization to the Internet is a 
necessary and promising endeavor, as it enables 
initiatives such as the Semantic Web. However, 
the Internet also brings unprecedented complexity 
to an already complex problem, forcing 
us to re-examine its intellectual foundation. 

Svenonius, a Professor Emeritus of Library 
Information Science at UCLA, offers a primer 
on the past, present, and future directions of 
the information sciences in her book, The 
Intellectual Foundation of Information 
Organization. The book is dense and deeply 
technical at times, but the content she presents 
is invaluable. Svenonius provides a framework 
for understanding and thinking about 
the problem of information organization by 
describing its conceptual basis. 

Philosophy of Information Organization 

The first half of the book delves into the philosophical 
underpinnings of information organization, 
and the first chapter is devoted almost 
entirely to definitions. Svenonius defines a 
document as the embodiment of a work or 
expressed thought. The distinction between 
document and work is a crucial one. This 
becomes clear when you think in the context of 
library catalogs. Do the first and second folios 
of Shakespeare’s “Hamlet” constitute the same 
work? Most would say yes. Are they different 
documents? Again, most would answer affirmatively. 

How about a French translation of “Hamlet” 
versus the original text? Would those be considered 
the same work? Probably yes. What 
about Laurence Olivier’s 1948 rendition of 
“Hamlet”? Probably no, but if that’s the case, 
then what’s the relationship between the 
movie and textual versions of “Hamlet”? 

Those who catalog information face these 
issues constantly. We need a rigorous understanding 
of the philosophical and linguistic 
elements of information organization so that we 
can apply them to more automated solutions. 

Much of the book deals with bibliographies, 
which act as both catalogs and representations of 
information. Svenonius explains that a bibliography’s 
purpose is twofold: to locate a book or other 
information entity, and to locate sets of entities 
based on certain criteria. She then describes bibliographic 
theory, and in the latter half of the book 
she examines several real bibliographic systems, 
like the Dewey Decimal System. 

Implications for the Internet 

Svenonius makes it evident that completely 
fulfilling the objectives of bibliographic systems 
is a complex and expensive proposition. At the 
same time, systems that only partially fulfill 
these requirements are far from useless. 

Part of the motivation behind the Semantic 
Web initiative is to create better searching 
capabilities. Searches for Celtics on the Web 
will likely turn up pages on Irish culture, when 
you may be more interested in reading about 
Bill Russell and Larry Bird. It would be wonderful 
if you could make the Web understand that 
you’re looking for information on basketball 
dynasties and not the Celtic harp. 

Despite the fact that we haven’t yet 
achieved this exact ideal, we can make do with 
what we have. Most of us know that narrowing 
the search term to Boston Celtics will yield 
the information we want. While keyword 
searching doesn’t satisfy all of the requirements 
for bibliographic systems, it does serve 
its purpose well and is relatively cheap to 
implement. 

Svenonius writes, “An important question 
today is whether the bibliographic universe can 
be organized both intelligently (that is, to meet 
the traditional bibliographic objectives) and 
automatically.” This is the crux of the problem 
we face with the Internet. 

Svenonius also admits that the Internet has 
already succeeded in organizing itself to an 
extent, “A self-organizing bibliographical universe 
nevertheless succeeds in meeting the bibliographic 
objectives in part, occasionally, and 
somewhat randomly. And for many documents 
and many users, that is all that is needed.” 

Nevertheless, the Internet’s current state of 
self-organization is primitive, and it doesn’t 
always meet users’ needs. To improve the situation, 
we’ll need a strong understanding of 
the principles Svenonius describes. While The 
Intellectual Foundation of Information 
Organization is a challenging read, it’s also a 
worthwhile one. 

Eugene writes, programs, and consults on a 
freelance basis. Email him at eekim(a)eekim.com. 
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ACCESS 


Intranets.com began as a free service. Now CEO Rick Faulk has taken the 
company to a subscription-only model, and he isn’t looking back. 

Intranets.com offers corporations and small businesses 
secure Web sites where they can share documents, host 
email and group calendars, and perform other online functions. 
Until recently, it was free to users; but when advertising 
stopped paying the bills, Intranets.com transitioned to 
a completely fee-based service. Now boasting over 100,000 
paid subscribers at more than 6,000 businesses, it has 
become one of the top subscription ASPs. Web Techniques 
asked CEO Rick Faulk how he did it. 

WT: Was a subscription service part of Intranets.com’s 
business plan from the beginning? 

RF: Our original business plan was a model supported 
primarily by advertising and advertising-related products, 
such as sponsorships, opt-in mail, and e-commerce. We 
faced the same challenge as any company in the dot-com 
world: increase revenues or risk running out of cash. 


WT: And you believe that fee-based services are the best 
way for companies to generate income? 

RF: The dot-com boom years fostered tremendous creativity in 
both content and services, creating the spark for businesses 
and consumers to begin using the Web en masse. For the 
businesses producing these services to survive, of course, 
they must be able to generate revenue. So we have paying 
subscribers. This is a pretty traditional business model. We 
believe it’s the way to go with infrastructure and services. 

As companies consolidate, we may see greater viability 
for an advertising-supported model, particularly for content. 
In this way, the dot-com shakeout may help stabilize 
the ad model by reducing the number of players, and creating 
mini-monopolies for various types of content. 

WT: For you, the switch to an exclusively fee-based model 
was fairly swift. Why not phase in the process over time? 

RF: At first, we offered users the choice of subscribing to 
either the free service or our new, paid service. We differentiated 
the two versions through ads, amount of storage, 
and functionality provided. We spent a lot of our resources 
on maintaining two versions of the product, but the presence 
of a choice created a barrier to paid subscriptions. If 
the free product is good enough, there’s no need to subscribe 
to the paid version; if the free product is dramatically 
de-featured in order to differentiate it, users often conclude 
the product isn’t worth paying for. 

WT: OK; once you made that decision, how did you attack 
the problem of actually deploying a subscription service? 

RF: During the conversion process, we temporarily redeployed 
our resources. We reserved one group to concentrate on 
future product development, so the product enhancements 
could continue on schedule, and devoted everyone else in our 
company to creating and supporting the conversion process. 

WT: So you developed your subscription management 
software in-house? 

RF: The Intranets.com service has always consisted primarily 
of proprietary software technology. We have, on rare occasions, 
integrated established functionality from outside 
parties. When we migrated to a fee-based service, apart 
from integrating third-party credit card processing, we kept 
all of the software in-house, including the subscription 
registration pages. We also created software to facilitate 
the conversion. It allowed us tremendous flexibility in 
communicating with our customers, and offered multiple 
options for members to subscribe. We also created a proprietary 
billing system to give us even more flexibility. 


WT: What tools and technologies do you use in your 
infrastructure? 

RF: On the front end, we run Windows NT 4.0 and IIS 
4.0. We use VBScript, JavaScript (both client and server), 
DHTML, XML/XSLT, and COM components. Our back end is 
made up of highly reliable clustered NT servers, running 
Microsoft SQL 7.0 to store our customers’ data. Our 
network architecture is designed for maximum reliability 
and scalability. 

WT: How difficult was it to convince your customers to 
come along after the switch? 

RF: We had several things going for us when we switched 
from free to paid. The biggest by far was the size and commitment 
of our member base. With our post-conversion 
customer base reduced to just a fraction of its earlier, free-service 
size, our customers actually enjoy an improved level 
of service and performance. 

We also had the advantage of timing. We had enough 
cash to wait until the market conditions were right. Once 
customers saw that the free party on the Web was over, 
they were willing to pay for something of value. 

WT: Of course, few for-fee sites can claim real profits from 
the subscription model so far. Is there reason to hope that 
this will change? 

RF: Absolutely. As businesses grow more sophisticated in 
their use of the Web to conduct business, it will be far more 
natural for businesses to think, “Web,” when seeking solutions 
to their business needs. If you can identify a suitable 
market, and then offer something of value, you can be profitable 
and win. That’s the American way. 